Wireshark-bugs: [Wireshark-bugs] [Bug 10109] New: Fix MP2T dissector reassembly

Date: Fri, 16 May 2014 09:14:31 +0000
Bug ID 10109
Summary Fix MP2T dissector reassembly
Classification Unclassified
Product Wireshark
Version Git
Hardware x86
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 12762 [details]
Fix MP2T reassembly

Build Information:
Version 1.11.4 (v1.11.4-rc1-407-g2197a08 from master)
--
There are currently a few issues with mp2t reassembly.

When a subpacket is entierly contained in an MP2T packet, the frag_id is not
incremented. The consequence is that the length of the subpacket is not
calculated correctly on the second pass because mp2t_get_packet_length(). This
function will find a fragment when calling fragment_get() and return the wrong
length. The fix is to increment frag_id when we encounter such self-contained
subpacket. This prevents fragment_get() to return an invalid frag.


Secondly, if an MP2T packet contains a full subpacket and a fragment of another
one, it happens that the first subpacket contains an ethernet frame
(encapsulated in DOCSIS). This makes pinfo->{src,dst} contain an address. This
is then re-used to calculate the hash in fragment_add_check().
It is of course invalid and should be reset to NULL.
The macro SET_ADDRESS_HF() was found to be incorrect and fixed as well.


Lastly, the comment about the adaptation field control being invalid for DOCSIS
is wrong. The AFC is only invalid if it's != 1 (which means contains a payload
but no adaptation field).

The attached patch fixes all those issues.


You are receiving this mail because:
  • You are watching all bug changes.