Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9381] New: Wireshark tvb_reported_length_remaining() does not return correct v

Wireshark-bugs: [Wireshark-bugs] [Bug 9381] New: Wireshark tvb_reported_length_remaining() does

Date: Mon, 04 Nov 2013 20:30:36 +0000

Bug ID	9381
Summary	Wireshark tvb_reported_length_remaining() does not return correct value
Classification	Unclassified
Product	Wireshark
Version	SVN
Hardware	All
OS	All
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 12000 [details]
HTTP transaction where server sends more than advertised data

Build Information:
TShark 1.11.1 (SVN Rev 53077 from /trunk)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.36.0, with libpcap, with libz 1.2.7, without
POSIX
capabilities, without libnl, without SMI, without c-ares, without ADNS, without
Lua, without Python, with GnuTLS 2.12.23, with Gcrypt 1.5.0, without Kerberos,
without GeoIP.

Running on Linux 3.8.0-19-generic, with locale en_US.UTF-8, with libpcap
version
1.3.0, with libz 1.2.7.
Intel(R) Xeon(R) CPU           E5620  @ 2.40GHz

Built using gcc 4.7.3.

--
Given a HTTP response with "Content-Length: 5", but actually sending 20 bytes
of response in a separate packet, tvb_reported_length_remaining() returns 5. 
It should be sending 20, right?  packet-http.c depends on this to check if we
have got more than Content-Length bytes of data.  I'm only just starting to
grok Wireshark source code, so please correct me if I'm wrong.

Please use attached pcap file for your testing.

Here is a sample read (I put printf() in packet-http.c):
  8   6.347336 10.217.212.4 -> 10.217.212.3 HTTP 68 GET / HTTP/1.1
datalen: 5, reported_datalen: 5, content_length: 5
 18  23.864308 10.217.212.3 -> 10.217.212.4 HTTP 87 HTTP/1.1 200 OK 
(text/plain)
 20  24.016468 10.217.212.3 -> 10.217.212.4 HTTP 67 Continuation or non-HTTP
traffic

I checked with 1.8.2, it shows the same value on that version too.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 9381] Wireshark tvb_reported_length_remaining() does not return correct value
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9381] Wireshark tvb_reported_length_remaining() does not return correct value
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9381] Wireshark tvb_reported_length_remaining() does not return correct value
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9381] HTTP Reassembly fails
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9381] HTTP reassembly fails if Content-Length header is wrong
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9381] HTTP reassembly fails if Content-Length header is wrong
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9381] HTTP reassembly fails if Content-Length header is wrong
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9367] Enhancement of the packet-mq dissector (WMQ 7.1-7.5)
Next by Date: [Wireshark-bugs] [Bug 9381] Wireshark tvb_reported_length_remaining() does not return correct value
Previous by thread: [Wireshark-bugs] [Bug 9380] Add response time to the rtpproxy dissector
Next by thread: [Wireshark-bugs] [Bug 9381] Wireshark tvb_reported_length_remaining() does not return correct value
Index(es):
- Date
- Thread