-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tim Jansen reported a bug to me concerning the SRVLOC dissector. The problem
is when you have a SrvTypeRqst for all naming authorities.
RFC2608, Section 10.1 states:
" If the Naming Authority string is absent, the IANA
registered service types will be returned. If the length of the
Naming Authority is set to 0xFFFF, the Naming Authority string is
omitted and ALL Service Types are returned, regardless of Naming
Authority."
That chokes the current dissector, which uses the length to read the
subsequent 65535 bytes, only to come up short. There is a sample capture that
shows this.
I have no idea how I missed this case when I did my original testing - I
certainly have a SrvTypeRqst test case, but it has a length of 0 (i.e., the
IANA case), not 65535 (the all authorities case).
The only way I can see to fix this up is to special case this. Please review
the attached patch, and apply if OK.
MD5 sum patch of patch:
a03fc3572daa142a8c3ce7bb60efbaa1 srvloc-ffff-fix.patch
Brad
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+L7pHW6pHgIdAuOMRAiUYAJ9Z7OTxLrllJUGe+X50TpdnXEk6ywCfSHw7
PP6CKkLiQESDwYZNRmh5Xts=
=Kwmb
-----END PGP SIGNATURE-----
Attachment:
no-authority.cap
Description: Binary data
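The failure described in the message, as an added example that is not part of the submitted patch or the Ethereal source: a standalone C parser for the SrvTypeRqst body that treats a Naming Authority length of 0xFFFF as a flag rather than a byte count, and bounds-checks every other length. The struct, the function names and the sample byte arrays are constructed for illustration, and the buffer is assumed to start at the PRList length field.

```c
#include <stddef.h>
#include <stdint.h>
#define NA_ALL 0xFFFF /* RFC 2608 10.1: string omitted, ALL service types */

struct srvtype_rqst {                     /* hypothetical result type */
    const uint8_t *prlist, *na, *scopes;  /* na is NULL when na_all is set */
    uint16_t prlist_len, na_len, scopes_len;
    int na_all;
};
/* Constructed sample bodies, each starting at the PRList length field. */
static const uint8_t sample_all[]   = {0,0, 0xFF,0xFF, 0,7,'D','E','F','A','U','L','T'};
static const uint8_t sample_iana[]  = {0,0, 0,0,       0,7,'D','E','F','A','U','L','T'};
static const uint8_t sample_short[] = {0,0, 0,16, 'a','b'}; /* claims 16, has 2 */

/* Read a big-endian 16-bit length; -1 if fewer than 2 bytes remain. */
static int get_u16(const uint8_t *b, size_t len, size_t *off, uint16_t *out) {
    if (len - *off < 2) return -1;
    *out = (uint16_t)((b[*off] << 8) | b[*off + 1]);
    *off += 2;
    return 0;
}

/* Point *out at the next n bytes; -1 if fewer than n remain. */
static int get_str(const uint8_t *b, size_t len, size_t *off, uint16_t n,
                   const uint8_t **out) {
    if (len - *off < n) return -1;
    *out = b + *off;
    *off += n;
    return 0;
}

/* Returns 0 on success, -1 when a length field runs past the buffer. */
int parse_srvtype_rqst(const uint8_t *b, size_t len, struct srvtype_rqst *r) {
    size_t off = 0;
    if (get_u16(b, len, &off, &r->prlist_len) ||
        get_str(b, len, &off, r->prlist_len, &r->prlist) ||
        get_u16(b, len, &off, &r->na_len))
        return -1;
    r->na_all = (r->na_len == NA_ALL);
    r->na = NULL;
    if (r->na_all)
        r->na_len = 0;   /* sentinel, not a byte count: nothing follows it */
    else if (get_str(b, len, &off, r->na_len, &r->na))
        return -1;
    if (get_u16(b, len, &off, &r->scopes_len) ||
        get_str(b, len, &off, r->scopes_len, &r->scopes))
        return -1;
    return 0;
}
```

Without the `NA_ALL` branch, `sample_all` fails the same way `sample_short` does, because 65535 bytes are requested from a 13-byte body.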
diff -Naur -x register.c -x register-static.c -x ps.c clean/ethereal-0.9.8/packet-srvloc.c ethereal-0.9.8/packet-srvloc.c
--- clean/ethereal-0.9.8/packet-srvloc.c Sat Oct 5 13:47:38 2002
+++ ethereal-0.9.8/packet-srvloc.c Thu Jan 23 18:12:33 2003
@@ -109,6 +109,7 @@
static int hf_srvloc_srvtypereq_prlistlen = -1;
static int hf_srvloc_srvtypereq_prlist = -1;
static int hf_srvloc_srvtypereq_authlistlen = -1;
+static int hf_srvloc_srvtypereq_authlistlenall = -1;
static int hf_srvloc_srvtypereq_authlist = -1;
static int hf_srvloc_srvtypereq_scopelistlen = -1;
static int hf_srvloc_srvtypereq_scopelist = -1;
@@ -884,10 +885,15 @@
proto_tree_add_item(srvloc_tree, hf_srvloc_srvtypereq_prlist, tvb, offset, length, TRUE);
offset += length;
length = tvb_get_ntohs(tvb, offset);
- proto_tree_add_uint(srvloc_tree, hf_srvloc_srvtypereq_authlistlen, tvb, offset, 2, length);
- offset += 2;
- proto_tree_add_item(srvloc_tree, hf_srvloc_srvtypereq_authlist, tvb, offset, length, TRUE);
- offset += length;
+ if (0xFFFF == length) {
+ proto_tree_add_uint(srvloc_tree, hf_srvloc_srvtypereq_authlistlenall, tvb, offset, 2, length);
+ offset += 2;
+ } else {
+ proto_tree_add_uint(srvloc_tree, hf_srvloc_srvtypereq_authlistlen, tvb, offset, 2, length);
+ offset += 2;
+ proto_tree_add_item(srvloc_tree, hf_srvloc_srvtypereq_authlist, tvb, offset, length, TRUE);
+ offset += length;
+ }
length = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(srvloc_tree, hf_srvloc_srvtypereq_scopelistlen, tvb, offset, 2, length);
offset += 2;
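Review bot: The new `if (0xFFFF == length)` test carries no comment saying why that value is special; a one-line reference to RFC 2608 section 10.1 (a length of 0xFFFF means the Naming Authority string is omitted) would stop a later cleanup from folding the branch back into the generic path. Both branches also repeat the proto_tree_add_uint() call and `offset += 2` and differ only in the hf index, so picking the hf first, doing the add and advance once, and keeping only the authlist item and `offset += length` under a `length != 0xFFFF` condition would be shorter and harder to get out of step.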
@@ -1270,6 +1276,10 @@
{ "Naming Authority List Length", "srvloc.srvtypereq.nameauthlistlen", FT_UINT16, BASE_DEC, NULL, 0x0,
"Length of the Naming Authority List", HFILL}
},
+ { &hf_srvloc_srvtypereq_authlistlenall,
+ { "Naming Authority List Length (All Naming Authorities)", "srvloc.srvtypereq.nameauthlistlen", FT_UINT16, BASE_DEC, NULL, 0x0,
+ "Length of the Naming Authority List", HFILL}
+ },
{ &hf_srvloc_srvtypereq_authlist,
{ "Naming Authority List", "srvloc.srvtypereq.nameauthlist", FT_STRING, BASE_DEC, NULL, 0x0,
"", HFILL}