Re: [Wireshark-dev] malformed packet

Thu, 28 Feb 2013 00:17:25 -0800 

2013/2/28 Hadriel Kaplan <[email protected]>

>
> Wireshark's SIP dissector is throwing an error on the RAck header field
> method name.
> It shouldn't, because the message's header is correctly formed, but
> there's a bug in packet-sip.c:
> for case POS_RACK, when it goes to add the method name, it's using
> '(int)linelen-sub_value_offset' for the length argument to
> proto_tree_add_item(),
> but should be using '(int)value_len-sub_value_offset'.
>
> patch:
> Index: epan/dissectors/packet-sip.c
> ===================================================================
> --- epan/dissectors/packet-sip.c        (revision 47899)
> +++ epan/dissectors/packet-sip.c        (working copy)
> @@ -2734,7 +2734,7 @@
>                                                 {
>
> proto_tree_add_item(rack_tree, hf_sip_rack_cseq_method, tvb,
>
>   value_offset + sub_value_offset,
> -
>   (int)linelen-sub_value_offset, ENC_ASCII|ENC_NA);
> +
>   (int)value_len-sub_value_offset, ENC_ASCII|ENC_NA);
>                                                 }
>
>                                                 break;
>
> Hi Hadriel,

Thanks for the patch! I committed it in revision 47936 and scheduled it for
backport in 1.8.6 and 1.6.14.

Regards,
Pascal.


> On Feb 28, 2013, at 1:21 AM, Lohith HS <[email protected]>
> wrote:
>
> > Hi ,
> >
> >    I am getting malformed packet in SIP message(PRACK) in wireshark
> 1.6.7 version.
> >    But if i see the same capture in 0.9 version ,  there is no malformed
> packet issue.
> >    Pls can anyone tell me what is the issue.i have attached the capture
> file.
> >
> >
> > Thanks,
> > Lohith
> > <sip_prack_malformed.pcap
> >___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <[email protected]>
> > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >             mailto:[email protected]
> ?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]
> ?subject=unsubscribe
>

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe

Reply via email to