Wireshark-bugs: [Wireshark-bugs] [Bug 5289] New: A GTK-ERROR can occur in packets when there are

Date: Mon, 11 Oct 2010 15:06:52 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5289

           Summary: A GTK-ERROR can occur in packets when there are
                    multiple Netbios/SMB headers in a single frame
           Product: Wireshark
           Version: 1.4.0
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: fschorr@xxxxxxxxxxx


Build Information:
Version 1.4.0 (SVN Rev 34005 from /trunk-1.4)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Aug
29 2010), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729
--
A GTK-ERROR can occur in packets when there are multiple Netbios/SMB headers in
a single frame.  

In the attached capture please ignore the IP and TCP layer errors (the capture
was scrubbed). Please view the Packet List, Packet Detail and Packet Bytes
window.  In the Packet Detail window you'll see that there are 8 Netbios
Session Service layers with 8 corresponding SMB layers.

To see the problem do the following:

1) Click on the first NetBIOS Session Service entry in the Packet Detail
window.  In the Packet Bytes window (hex) you'll see that only 4 bytes
(0x0042-0x0045) are highlighted instead of the whole NetBIOS PDU.

2)Click on the second NetBIOS Session Service entry in the Packet Detail
window.  In the Packet Bytes window (hex) you'll see that 92 bytes
(0x00f2-0x01a5) are highlighted.  This is the whole NetBIOS PDU plus 4 extra
bytes.

3) Click on the third NetBIOS Session Service entry in the Packet Detail
window.  In the Packet Bytes window (hex) you'll see that 180 bytes
(0x009a-0x00f5) are highlighted.  This is the whole NetBIOS PDU plus 92 extra
bytes.

4) Click on the fourth NetBIOS Session Service entry in the Packet Detail
window.  In the Packet Bytes window (hex) you'll see that 267 bytes
(0x009a-0x00f5) are highlighted.  This is the whole NetBIOS PDU plus 179 extra
bytes.

5) Click on the fifth NetBIOS Session Service entry in the Packet Detail
window.  At this point You get the error "Gtk-ERROR Byte index 6 is off the end
of the line aborting..." message.  This error occurs because the area to be
highlighted in the Packet Detail window is beyond the end of the TVB.

Cause:

This problem appears to be caused by the "proto_item_set_len(ti, offset);"
statement in the "dissect_nbss_packet()" routine.  I see no reason why this
statement is being used particularly since there are multiple NetBIOS PDUs in
this frame and this call is using the current "offset" to try to set the PDU
lenght for each of the PDUs which leads to the error.

If I comment out "proto_item_set_len(ti, offset);" and recompile the errors
goes away and the high-lightening in the Packet Bytes window is correct.

At this point I'm not sure if this is the actual fix without more testing.

Frank Schorr

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.