Wireshark-bugs: [Wireshark-bugs] [Bug 4642] New: packet-dcm, packet reassembly is not reliable

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 5 Apr 2010 03:34:37 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4642

           Summary: packet-dcm, packet reassembly is not reliable
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: david_aggeler@xxxxxxxxxx


Build Information:
Version 1.3.5-DICOM-Edition-V5.0-

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8,
with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt
1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Apr  3
2010), with AirPcap, with new_packet_list.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.8.5,
Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When the DICOM traffic is not within the displayed first packets, or when user
jumps to a particular packet using goto (not scrolling), the packets show up as
invalid.

This is because packet-dcm does not handle tree=NULL correctly, and the data
structures are not initialized in the correct sequence.

Workaround for the time being, filter the capture to have just the desired
DICOM stream it. And scroll through the packets rather than a direct
navigation.

Fix to be submitted soon.[reply] [-] Comment 1 David 2010-04-02 11:51:17 PDT 
The problem is more general. This may occur at any point, but see so far

- When DICOM packets are not within the first few captured ones
- In 1.3, if one of the DCM packets is in packet #512
- When a C-STORE-RSP occurs in the middle of an open C-STORE

The DICOM dissector puts too much assumption into the packet order, as it is
being called by the framework.

The PDU reassembly is pretty reliable, but merging the 'More Fragments' PDUs
together is not done according Wireshark conventions.

As a result, exported DICOM objects can also be corrupt

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.