https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4565
Summary: some ncp frames trigger "Dissector bug, protocol NCP"
Product: Wireshark
Version: SVN
Platform: Other
OS/Version: Windows XP
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: jyoung@xxxxxxx
Created an attachment (id=4377)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4377)
odd numbered ncp frames trigger ncp dissector bug
Build Information:
$ tshark -v
TShark 1.3.4 (SVN Rev 32148 from /trunk)
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.22.4, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.0,
with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT
Kerberos, with GeoIP.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5.
Built using Microsoft Visual C++ 9.0 build 30729
--
In the attached trace file the odd numbered frames (the frames sourced from ip
10.1.1.1) trigger a "Dissector bug, protocol NCP" message in both Wireshark and
tshark.
> $ tshark -r ncp.frames1-10.pcap
>
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 1: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
> 1 0xdd2a (56618) 0.000000 10.1.1.1 -> 10.2.2.2 NCP 1 1 101 101 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
> 2 0xe07c (57468) 0.000050 10.2.2.2 -> 10.1.1.1 NCP 1 48 151 151 R OK
>
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 3: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
> 3 0xdd2b (56619) 0.000535 10.1.1.1 -> 10.2.2.2 NCP 48 98 101 101 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
> 4 0xe17c (57724) 0.000554 10.2.2.2 -> 10.1.1.1 NCP 98 95 151 151 R OK
>
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 5: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
> 5 0xdd2c (56620) 0.001024 10.1.1.1 -> 10.2.2.2 NCP 95 195 101 101 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
> 6 0xe27c (57980) 0.001041 10.2.2.2 -> 10.1.1.1 NCP 195 142 151 151 R OK
>
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 7: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
> 7 0xdd2d (56621) 0.001449 10.1.1.1 -> 10.2.2.2 NCP 142 292 101 101 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
> 8 0xe37c (58236) 0.001463 10.2.2.2 -> 10.1.1.1 NCP 292 189 151 151 R OK
>
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 9: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
> 9 0xdfb1 (57265) 41.862824 10.1.1.1 -> 10.2.2.2 NCP 189 389 121 121 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
> 10 0x788e (30862) 41.862887 10.2.2.2 -> 10.1.1.1 NCP 389 256 70 70 R No matching files or directories were found
>
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.