Bug ID | 9714
Summary | Ieee802a OUI extended ethertype subdissection broken, since Release 1.8.9
Classification | Unclassified
Product | Wireshark
Version | 1.8.9
Hardware | All
OS | All
Status | UNCONFIRMED
Severity | Major
Priority | Medium
Component | Dissection engine (libwireshark)
Assignee | [email protected]
Reporter | [email protected]
CC | [email protected]
Attachment #12523 Flags | review_for_checkin?
Created attachment 12523
Patch fixing OUI retrieval for subdissector table lookup
Build Information:
Version 1.8.13 (SVNRev 54940 from /trunk-1.8)
Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.24.22, with Cairo 1.12.16, with Pango 1.36.0,
with
GLib 2.36.4, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux),
with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.1, without Python, with GnuTLS
2.12.23, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Jan 15 2014 22:20:11), with AirPcap.
Running on Linux 3.12-1-amd64, with locale en_US.UTF-8, with libpcap version
1.5.3, with libz 1.2.8, GnuTLS 2.12.23, Gcrypt 1.5.3, without AirPcap.
Built using gcc 4.8.2.
--
With r49939 (trunk, r50688 trunk-1.10, r50845 trunk-1.8) the retrieval of the
OUI from the TVB has changed from tvb_get_ntoh24() to tvb_memcpy(). This
introduces an endianness issue for little endian platforms. This is because the
retrieved OUI is also used to find a subdissector table: (oui_info =
g_hash_table_lookup(oui_info_table, GUINT_TO_POINTER(oui))). This now has been
compromised, hence no proper OUI extended ethertype subdissector gets called.
The attached patch fixes this problem. It's based on trunk-1.8, but should work
on trunk and trunk-1.10 also.
Unfortunately the only in-tree dissector using this (ECP) has no sample capture
file attached to its bug (bug 6849), so there's no testing material. The code
I'm working on cannot be released, so I'll have to try and synthesize a sample
ECP frame.
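The mismatch described in the comment above, as an added illustration that is not Wireshark's code or the attached patch: a table keyed by the numeric OUI is looked up once with a big-endian 24-bit decode and once with the raw wire bytes copied into a host integer. The table, the function names and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an OUI-keyed registration table. */
struct oui_entry { uint32_t oui; const char *name; };
static const struct oui_entry oui_table[] = {
    { 0x0080C2, "sample-subdissector" },  /* registered by numeric OUI */
};

/* Decode three wire bytes as a big-endian 24-bit value; the result is
 * the same on every host (the behaviour of an ntoh24-style accessor). */
static uint32_t oui_from_wire(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

/* Copy three wire bytes straight into a host integer; the resulting
 * value depends on the byte order of the host. */
static uint32_t oui_from_memcpy(const uint8_t *p)
{
    uint32_t v = 0;
    memcpy(&v, p, 3);
    return v;
}

/* Linear lookup standing in for the hash table lookup keyed by OUI. */
static const char *oui_lookup(uint32_t oui)
{
    for (size_t i = 0; i < sizeof oui_table / sizeof oui_table[0]; i++)
        if (oui_table[i].oui == oui)
            return oui_table[i].name;
    return NULL;
}

int main(void)
{
    /* Constructed frame fragment: OUI 00-80-C2 plus two filler bytes. */
    const uint8_t frame[] = { 0x00, 0x80, 0xC2, 0x12, 0x34 };
    uint32_t decoded = oui_from_wire(frame);
    uint32_t copied = oui_from_memcpy(frame);

    printf("decoded 0x%06X -> %s\n", (unsigned)decoded,
           oui_lookup(decoded) ? "subdissector found" : "no match");
    printf("memcpy  0x%08X -> %s\n", (unsigned)copied,
           oui_lookup(copied) ? "subdissector found" : "no match");
    return 0;
}
```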