https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15473
Bug ID: 15473
Summary: Invalid FC1 response from modbus dissector when
response has no request frame
Product: Wireshark
Version: 2.6.6
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: bugzi...@graglia.fr
Target Milestone: ---
Created attachment 16887
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16887&action=edit
pcaps demonstrating the pb
Build Information:
Wireshark 2.6.6 (Git v2.6.6 packaged as 2.6.6-1~ubuntu16.04.0)
Copyright 1998-2019 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.5.1, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.48.2, with zlib 1.2.8, with SMI 0.4.8, with c-ares
1.10.0, with Lua 5.2.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.7.1, with LZ4, with Snappy,
with libxml2 2.9.3, with QtMultimedia, with SBC, with SpanDSP, without bcg729.
Running on Linux 4.15.0-43-generic, with Intel(R) Core(TM) i7-2600K CPU
@
3.40GHz (with SSE4.2), with 15747 MB of physical memory, with locale
fr_FR.UTF-8, with libpcap version 1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5,
with zlib 1.2.8, binary plugins supported (0 loaded).
Built using gcc 5.4.0 2016060
--
Wireshark does correctly decode 503 bits from the response packet in the "fc1
query and response" pcap. it load 63 bytes, therefore 63 * 8 = 504 bits but
only show 503 as requested by the request frame "bit count" property.
The other pcap does only include the response, and in this case I was expected
wireshark to decode/display the whole 504 bits as it has no access to the
request frame and therefore can not known how many bits where requested.
But it decode 63 bits and this seem wrong to me : each 63 byte seems to be
decoded as a bit.
I have found
https://github.com/wireshark/wireshark/blob/7eb3e47fa49806ea2cf59f0fa009240fae049a2b/epan/dissectors/packet-mbtcp.c#L891
but I'm not fluent enough in C to spot something wrong.
May be something with the ?
/* If all the requested bits have been read, stop now */
if ((reg_num - reg_base) >= num_reg) {
break;
}
Attached tar.gz content :
* pcap qith query & response : test-case_tcp_func-code-1_read-coils.pcapng
* pcap qith the response only :
test-case_tcp_func-code-1_read-coils_single_response_frame.pcapng
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
