https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6950
Summary: Detecting malformed package dissection disables
dissector for WS session
Product: Wireshark
Version: 1.7.x (Experimental)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: rknall@xxxxxxxxx
Created attachment 8015
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8015
Sample capture demonstrating the behaviour of this bug.
Build Information:
TShark 1.7.1-SVN-41445 (SVN Rev 41445 from /trunk)
Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.26.1, with WinPcap (4_1_2), with libz 1.2.5,
without POSIX capabilities, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1,
without Python, with GnuTLS 2.10.3, with Gcrypt 1.4.6, without Kerberos, with
GeoIP.
Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008).
Built using Microsoft Visual C++ 9.0 build 21022
--
I verified this bug with both a Windows build, as well as the current SVN
version under Linux (Ubuntu x64).
1. Open the attached trace, all packages contain openSAFETY data, and for the
first two packages openSAFETY get's dissected correctly.
2. Select the 78th package. It has 192.168.1.17 as it's source, and is
malformed, due to a bug in the openSAFETY dissector (will be fixed soon)
3. No matter what you do next, opensafety will not be present anymore, as long
as you do not close wireshark. Add the display filter opensafety for instance,
no packages will be returned. As well as if you select any other package and
return to that specific package, opensafety will not be present as well.
I get that a malformed dissector can cause harm. But this seems to be very
drastic behaviour, as in the only thing, that will enable the dissector again,
is closing and reopening wireshark.
In my point of view, this is a bug.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.