Hi, ethereal users and developers,
Ethereal-0.9.5 has a minor bug: it misreads the PPP FCS of packets
preceded by the Address-Control-Field (0xff,0x03).
The starting offset and check length are wrong.
[PPP packet sample, Length=n, fcs16]
7eff03c021010100xx...xx(fcs)7e
[INCORRECT: ethereal-0.9.5]
7eff03c021010100xx...xx(fcs)7e
      <---------------> check (n-6) from protocol-field
[CORRECT]
7eff03c021010100xx...xx(fcs)7e
  <-------------------> check (n-4) octets from flag (0x7e)
As you know, with HDLC-like framing, a PPP/LCP packet must have
the Address-Control-Field (0xff,0x03) set prior to the
Protocol-Field.
Best regards and thank you,
Hidetaka OGAWA
NEC Software Kyushu, Ltd.
---- cut here ----
diff -uarw ethereal-0.9.5/packet-ppp.c ethereal-0.9.5-ppp-fcs-fix/packet-ppp.c
--- ethereal-0.9.5/packet-ppp.c 2002-05-23 10:52:42.000000000 +0900
+++ ethereal-0.9.5-ppp-fcs-fix/packet-ppp.c 2002-08-02 15:16:24.000000000 +0900
@@ -1295,7 +1295,7 @@
fcs16(register guint16 fcs, tvbuff_t * tvbuff)
{
int offset = 0;
- guint len = tvb_length(tvbuff);
+ guint len = tvb_length(tvbuff)-2;
guint8 val;
/* Check for Invalid Length */
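Review bot: in fcs16(), `guint len = tvb_length(tvbuff)-2;` is unsigned arithmetic, so a buffer shorter than 2 bytes wraps len to a very large value instead of going negative. The "Check for Invalid Length" that follows has to reject that case; testing tvb_length(tvbuff) < 2 before subtracting is safer. A comment saying that fcs16() now expects the trailing FCS to be part of tvbuff would also help callers.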
@@ -1319,7 +1319,7 @@
fcs32(guint32 fcs, tvbuff_t * tvbuff)
{
int offset = 0;
- guint len = tvb_length(tvbuff);
+ guint len = tvb_length(tvbuff)-4;
guint8 val;
/* Check for invalid Length */
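Review bot: the same unsigned wrap applies to `tvb_length(tvbuff)-4` in fcs32() for buffers under 4 bytes. Since both helpers now hard-code the FCS size, consider passing the number of octets to check as a parameter, so the caller that knows where the FCS sits decides the range.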
@@ -2706,7 +2706,7 @@
* Compute the FCS and put it into the tree.
*/
rx_fcs_offset = proto_offset + len;
- rx_fcs_exp = fcs16(0xFFFF, next_tvb);
+ rx_fcs_exp = fcs16(0xFFFF, tvb);
rx_fcs_got = tvb_get_letohs(tvb, rx_fcs_offset);
if (rx_fcs_got != rx_fcs_exp) {
proto_tree_add_text(fh_tree, tvb, rx_fcs_offset, 2,
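Review bot: with `fcs16(0xFFFF, tvb)` the expected FCS covers tvb up to its length minus 2, while the received FCS is read at rx_fcs_offset = proto_offset + len. The two agree only if the FCS is the last two bytes of tvb; if they can differ, the comparison uses the wrong range. Deriving the checked length from rx_fcs_offset would keep the computed range and the read position consistent.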
@@ -2758,7 +2758,7 @@
* Compute the FCS and put it into the tree.
*/
rx_fcs_offset = proto_offset + len;
- rx_fcs_exp = fcs32(0xFFFFFFFF, next_tvb);
+ rx_fcs_exp = fcs32(0xFFFFFFFF, tvb);
rx_fcs_got = tvb_get_letohl(tvb, rx_fcs_offset);
if (rx_fcs_got != rx_fcs_exp) {
proto_tree_add_text(fh_tree, tvb, rx_fcs_offset, 4,
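Review bot: `fcs32(0xFFFFFFFF, tvb)` always starts at offset 0 of tvb, which assumes tvb begins at the Address field with nothing ahead of it. The comment above the call should state that assumption, since proto_offset shows the header length varies, and the 32-bit path has the same end-of-buffer dependency as the 16-bit one.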
---- cut here ----
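
Added example, not part of the original message or of Ethereal's code: a stand-alone FCS-16 check following RFC 1662, showing that the check passes when the calculation starts at the Address field and fails when it starts at the Protocol field, as the message describes. The frame is a constructed LCP Configure-Request with flags removed and no byte stuffing; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PPP_INITFCS16 0xFFFFu
#define PPP_GOODFCS16 0xF0B8u /* RFC 1662 residue when the FCS octets are included */

/* Bitwise FCS-16 update (RFC 1662, reflected polynomial 0x8408). */
static uint16_t ppp_fcs16(uint16_t fcs, const uint8_t *p, size_t len)
{
    while (len--) {
        fcs ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            fcs = (uint16_t)((fcs & 1) ? (fcs >> 1) ^ 0x8408 : fcs >> 1);
    }
    return fcs;
}

/* Verify the trailing FCS of an n-octet frame, starting the calculation at
 * `start`. Returns 1 = match, 0 = mismatch, -1 = too short (no unsigned wrap). */
static int fcs16_check(const uint8_t *frame, size_t n, size_t start)
{
    if (n < 2 || start > n - 2)
        return -1;
    uint16_t expect = (uint16_t)~ppp_fcs16(PPP_INITFCS16, frame + start, n - 2 - start);
    uint16_t got = (uint16_t)(frame[n - 2] | (frame[n - 1] << 8)); /* LSB first */
    return got == expect;
}

/* Constructed sample: ff 03 | c0 21 | LCP Configure-Request id=1 len=4 | FCS.
 * `out` must hold at least 10 octets. */
static size_t build_sample(uint8_t *out)
{
    static const uint8_t body[] = { 0xff, 0x03, 0xc0, 0x21, 0x01, 0x01, 0x00, 0x04 };
    size_t n = sizeof body;
    for (size_t i = 0; i < n; i++)
        out[i] = body[i];
    uint16_t fcs = (uint16_t)~ppp_fcs16(PPP_INITFCS16, body, n);
    out[n++] = (uint8_t)(fcs & 0xff);
    out[n++] = (uint8_t)(fcs >> 8);
    return n;
}

int main(void)
{
    uint8_t f[10];
    size_t n = build_sample(f);
    printf("from Address field:  %d\n", fcs16_check(f, n, 0));
    printf("from Protocol field: %d\n", fcs16_check(f, n, 2));
}
```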