Wireshark-bugs: [Wireshark-bugs] [Bug 1272] New: CORBA dissectors show malformed packet errors f

Date: Tue, 19 Dec 2006 10:54:08 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1272

           Summary: CORBA dissectors show malformed packet errors for
                    requests with no body.
           Product: Wireshark
           Version: 0.99.3
          Platform: PC
        OS/Version: Windows 2000
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: Andy.Ling@xxxxxxxxxxx


Build Information:
Version 0.99.3a

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua
5.1.

Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on
libpcap version 0.9[.x] on Windows 2000 Service Pack 4, build 2195.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
CORBA dissectors show malformed packet errors for good data.

A CORBA dissector built using the idl2wrs script incorrectly marks some CORBA
1.2 requests with no body with a malformed packet error.
This is because the function start_dissecting throws a ReportedBoundsError
exception. When the dissector is called by packet-giop, the offset has been
moved beyond the end of the buffer, which causes the exception.

The reason this happens is that in the dissect_giop_request_1_2 function in
packet-giop.c, after decoding the service context list, the offset is moved to
an 8-byte boundary. If there is no body to the request, this can move the offset
beyond the end of the buffer.

To fix this I have made the following change to packet-giop.c. This only does
the alignment if there is a body. For cases where there is no body, any error
conditions should be handled in the same way as a 1.0 request.

--- packet-giop.c.orig  2006-12-11 11:02:50.000000000 +0000
+++ packet-giop.c       2006-12-19 10:34:00.803212900 +0000
@@ -3586,7 +3586,8 @@
    * GIOP octet stream start.
    */

-  set_new_alignment(&offset, GIOP_HEADER_SIZE, 8);
+  if (tvb_reported_length_remaining(tvb, offset) > 0)
+    set_new_alignment(&offset, GIOP_HEADER_SIZE, 8);

   /*
    * Save FN,reqid,and operation for later. Add sub_handle later.
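
Review bot: the added guard `if (tvb_reported_length_remaining(tvb, offset) > 0)` only establishes that at least one byte is left, not that the padding applied by `set_new_alignment(&offset, GIOP_HEADER_SIZE, 8)` fits in what remains, so a request with a few trailing bytes but fewer than the padding still ends up with offset past the end of the buffer. If that case is meant to be reported as malformed, say so in a comment; otherwise compute the aligned offset first and adopt it only when it does not exceed the reported length. The block comment above the call ("GIOP octet stream start") should also note that alignment is now skipped for a request with no body, and the one-line if body would be safer in braces.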


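The overshoot described in the report, as an added example that is not part of the original message or of packet-giop.c. The `align_offset` helper is an assumed model of the alignment step, and the function names, return codes and sample offsets are constructed; it goes one step past the reported case by also flagging a request whose remaining bytes are shorter than the padding.

```c
#include <stdio.h>

#define GIOP_HEADER_SIZE 12   /* a GIOP message header is 12 bytes */
#define NO_BODY          (-1) /* constructed return codes for this example */
#define SHORT_PADDING    (-2)

/* Assumed model of the alignment step: advance *offset until
 * (*offset + delta) is a multiple of alignment. */
static void align_offset(int *offset, int delta, int alignment)
{
    while ((*offset + delta) % alignment != 0)
        ++(*offset);
}

/* Unconditional alignment: returns how many bytes the offset ends up
 * past the end of the buffer (0 when it stays inside). */
int overshoot_unconditional(int offset, int reported_len)
{
    align_offset(&offset, GIOP_HEADER_SIZE, 8);
    return offset > reported_len ? offset - reported_len : 0;
}

/* Guarded alignment: only align when bytes remain, and refuse to step
 * past the end. Returns the body offset, NO_BODY or SHORT_PADDING. */
int body_offset_guarded(int offset, int reported_len)
{
    int aligned = offset;

    if (offset >= reported_len)
        return NO_BODY;            /* nothing after the service contexts */
    align_offset(&aligned, GIOP_HEADER_SIZE, 8);
    if (aligned > reported_len)
        return SHORT_PADDING;      /* bytes remain, but fewer than the pad */
    return aligned;
}

int main(void)
{
    /* Constructed case: service contexts end at offset 30 of a 30-byte
     * buffer (assumption: offsets count from the end of the GIOP header). */
    printf("unconditional overshoot: %d\n", overshoot_unconditional(30, 30));
    printf("guarded, no body:        %d\n", body_offset_guarded(30, 30));
    printf("guarded, body present:   %d\n", body_offset_guarded(30, 44));
    printf("guarded, short padding:  %d\n", body_offset_guarded(30, 33));
    return 0;
}
```
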