https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6367
Summary: Correct IPv6 packet reported as malformed
Product: Wireshark
Version: 1.6.1
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: eapache@xxxxxxxxx
Created an attachment (id=7060)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7060)
Dump file which reproduces the problem.
Build Information:
Version 1.6.1 (SVN Rev Unknown from unknown)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.24.5, with GLib 2.29.14, with libpcap 1.1.1, with
libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8,
with c-ares 1.7.4, with Lua 5.1, without Python, with GnuTLS 2.10.5, with
Gcrypt
1.5.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 27
2011 11:30:44), without AirPcap.
Running on Linux 3.0.0-11-generic, with libpcap version 1.1.1, with libz
1.2.3.4, GnuTLS 2.10.5, Gcrypt 1.5.0.
Built using gcc 4.6.1.
--
If an IPv6 packet uses a protocol that is unknown to wireshark wireshark will
make guesses about the format of the packet and report the packet as malformed
if the incorrectly deduced fields contain unexpected values.
For every unknown protocol number wireshark guesses that it is an IPv6
extension header in which the first two bytes are a next header field and a
length field.
If the first byte of this unknown header happens to match a protocol number
that wireshark does know, it will proceed parsing data as if that protocol is
what it should have been parsing. In effect if the first guess was incorrect
wireshark will use a randomly chosen parser to parse at a random offset within
a packet of an unknown format.
Originally reported in Ubuntu by Kasper Dupont at:
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/854683
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.