Wireshark-bugs: [Wireshark-bugs] [Bug 10240] New: BFCP dissector bug: Incorrect handling of padd

Date: Mon, 30 Jun 2014 11:18:46 +0000
Bug ID 10240
Summary BFCP dissector bug: Incorrect handling of padding
Classification Unclassified
Product Wireshark
Version unspecified
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 12857 [details]
BFCP packet that is incorrectly handled due to padding

The current BFCP dissector doesn't handle padding correctly.

In several places it does 

    pad_len = length & 0x03;
    if(pad_len != 0){
        pad_len = 4 - pad_len;
        proto_tree_add_text(bfcp_attr_tree, tvb, offset, pad_len, "Padding");
    }
    offset = offset + pad_len;

which is all fine, but at the end of the function it does

    if (length < (offset - attr_start_offset)){
        expert_add_info_format(pinfo, item, &ei_bfcp_attribute_length_too_small,
            "Attribute length is too small (%d bytes)", length);
        break;
    }

which doesn't take into account the padding length. This causes any BFCP
messages including padding to be incorrectly flagged as malformed. It also
stops processing of the packet, which prevents easy analysis of additional
information.
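
A simplified model of the length check described in this report, added here as an illustration and not taken from the Wireshark source or from the reporter. It walks three constructed attributes with the padding either counted or not counted in the bytes consumed; `count_valid_attrs`, `sample` and the two-type value model (FLOOR-ID as a fixed 16-bit value, everything else as text) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_FLOOR_ID 2  /* modelled as a fixed 16-bit value; other types as text */

/* Constructed sample, three attributes (type<<1|M, Length, value, padding):
 * text type 7, Length 5 + 3 pad; FLOOR-ID, Length 4; FLOOR-ID, Length 3 (too small). */
static const uint8_t sample[] = {
    0x0E, 0x05, 'b', 'a', 'd', 0x00, 0x00, 0x00,
    0x05, 0x04, 0x00, 0x01,
    0x05, 0x03, 0x00, 0x01,
};

/* Returns how many attributes pass the end-of-attribute length check.
 * count_padding != 0: padding counts as consumed (the check in the report).
 * count_padding == 0: only header + value bytes are compared with Length. */
int count_valid_attrs(const uint8_t *buf, size_t len, int count_padding)
{
    size_t offset = 0;
    int valid = 0;

    while (len - offset >= 2) {
        unsigned type = buf[offset] >> 1;        /* 7-bit type, then the M bit */
        size_t length = buf[offset + 1];         /* header + value, no padding */
        size_t pad_len = (4 - (length & 0x03)) & 0x03;

        if (length < 2 || length + pad_len > len - offset)
            break;                               /* attribute overruns the buffer */

        /* Bytes the value decoder needs: fixed width for FLOOR-ID, else Length. */
        size_t consumed = 2 + (type == ATTR_FLOOR_ID ? 2 : length - 2);
        if (count_padding)
            consumed += pad_len;

        if (length < consumed)
            break;                               /* "Attribute length is too small" */
        valid++;
        offset += length + pad_len;              /* next attribute is 4-byte aligned */
    }
    return valid;
}

int main(void)
{
    printf("padding counted: %d valid, padding excluded: %d valid\n",
           count_valid_attrs(sample, sizeof sample, 1),
           count_valid_attrs(sample, sizeof sample, 0));
    return 0;
}
```

With padding counted, the first (padded) attribute is rejected and nothing after it is examined; with padding excluded, the two well-formed attributes pass and only the FLOOR-ID whose Length is 3 is rejected.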

