Wireshark-bugs: [Wireshark-bugs] [Bug 7940] Reassembly of Cisco IKE fragments does not work as e

Date: Wed, 31 Oct 2012 04:41:41 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7940

--- Comment #3 from Matthias St. Pierre <msp@xxxxxx> 2012-10-31 04:41:40 PDT ---
PRELIMINARY ANALYSIS
====================

The method dissect_cisco_fragmentation() tries to reassemble the data and then
calls dissect_isakmp() if successful.

    static void
    dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length,
                                proto_tree *tree, packet_info *pinfo)
    {

        (...)

        defrag_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
                                                     "Reassembled ISAKMP",
                                                     frag_msg, &isakmp_frag_items,
                                                     NULL, ptree);

        if (defrag_isakmp_tvb) { /* take it all */
          dissect_isakmp(defrag_isakmp_tvb, pinfo, ptree);
        }

    }

In case (II), process_reassembled_data() always returns NULL, so the
'if(defrag_isakmp_tvb)' clause is never executed.

In case (I), the 'if(defrag_isakmp_tvb)' clause is executed and subsequently
there is an exception thrown from inside dissect_isakmp(),
see traceback below.

It appears to me that tvb_ensure_bytes_exist() fails because it checks whether the
length of the reassembled package (1508 bytes) fits into the length of the
fragment (508 bytes). This does not make any sense to me.


    #0  except_throw (group=1, code=2, msg=0x0) at except.c:284
    #1  0x00827d5d in check_offset_length (tvb_length_val=508, tvb_reported_length_val=508, offset=24, length_val=1508, offset_ptr=0xbfffd67c, length_ptr=0xbfffd678) at tvbuff.c:487
    #2  0x00828a91 in tvb_ensure_bytes_exist (tvb=0x9210738, offset=24, length=1508) at tvbuff.c:747
    #3  0x00d08675 in dissect_isakmp (tvb=0x9210738, pinfo=0x93f0488, tree=0xb7feaaf8) at packet-isakmp.c:2865
    #4  0x00d0bf7f in dissect_cisco_fragmentation (tvb=0x91f5b30, offset=36, length=512, tree=0xb7feaaf8, pinfo=0x93f0488) at packet-isakmp.c:3829
    #5  0x00d07aa9 in dissect_payloads (tvb=0x91f5b30, tree=0xb7fea9a8, parent_tree=0xb7fea000, isakmp_version=2, initial_payload=132 '\204', offset=28, length=516, pinfo=0x93f0488) at packet-isakmp.c:2653
    #6  0x00d08852 in dissect_isakmp (tvb=0x91f5b30, pinfo=0x93f0488, tree=0xb7fea000) at packet-isakmp.c:2888
    #7  0x007ec123 in call_dissector_through_handle (handle=0x8671578, tvb=0x91f5b30, pinfo=0x93f0488, tree=0xb7fea000, data=0x0) at packet.c:449
    #8  0x007ec2da in call_dissector_work (handle=0x8671578, tvb=0x91f5b30, pinfo_arg=0x93f0488, tree=0xb7fea000, add_proto_name=1, data=0x0) at packet.c:540
    #9  0x007ee6cd in call_dissector_only (handle=0x8671578, tvb=0x91f5b30, pinfo=0x93f0488, tree=0xb7fea000, data=0x0) at packet.c:2054
    #10 0x007ee744 in call_dissector_with_data (handle=0x8671578, tvb=0x91f5b30, pinfo=0x93f0488, tree=0xb7fea000, data=0x0) at packet.c:2067
    #11 0x007ee851 in call_dissector (handle=0x8671578, tvb=0x91f5b30, pinfo=0x93f0488, tree=0xb7fea000) at packet.c:2085
    #12 0x00cf74cc in dissect_udpencap (tvb=0x9210988, pinfo=0x93f0488, tree=0xb7fea000) at packet-ipsec-udp.c:73
    (...)
