https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3317
--- Comment #6 from Bill Meier <wmeier@xxxxxxxxxxx> 2010-11-23 21:14:30 EST ---
(In reply to comment #0)
>
> malformed packet 25 says :"Contact wireshark devs ..." so I do it :-)
>
The "Internet Message Format" (IMF) dissector is trying to dissect encrypted
binary data in the attached capture as plain_text.
In all the IMF frames except #27, the attempt to dissect the Message Header
field fails completely so the message is just shown as "Message Text".
In frame #27, the binary message is such that there's a ":" as the last byte of
the message. Due to a bug in the dissector this particular case causes the
dissector to think there's a valid but unknown header field.
I'll fix that. [Committed in SVN # 35017]
That being said, it seems to me that the IMF dissector shouldn't even be trying
to do a dissection of binary data since there presumably can always be just
enough valid bytes (eg: ":" eventually followed by \r) to cause the dissector
to think it (sort of) has a field header.
I don't have any experience about the handling of TLS inside of a protocol so
I'll not address that.
(I'd be curious to know how other dissectors handle this: what do they do if
handed a payload might be encrypted but which hasn't been decrypted ? Is there
something that indicates that the payload hasn't been decrypted and thus no
dissection should be attempted ?)
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.