Wireshark-bugs: [Wireshark-bugs] [Bug 10289] New: DNP3 dissector bug in multi-fragmented message

Date: Thu, 17 Jul 2014 23:47:35 +0000
Bug ID 10289
Summary DNP3 dissector bug in multi-fragmented messages with TCP retransmissions
Classification Unclassified
Product Wireshark
Version 1.12.0
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 12906 [details]
A capture file

Build Information:
Version 1.12.0-rc2 (v1.12.0-rc2-0-gfd017ee from master-1.12)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
with
MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 13 2014), with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
        Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, with 16342MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I’d like to report a bug in DNP3 dissector for reassembled multi-fragment DNP3
packets (DNP3 over TCP). In case of TCP retransmissions the DNP3 dissector
reassembles invalid DNP3 application layer message by copying the retransmitted
TCP data straight into the final DNP3 packet without checking if it’s a
retransmission or not. As a result the dissector parses DNP3 application layer
payload incorrectly. Please find a capture file in the attachment: here in
packet #18 DNP3 transport layer frame 6 (packet #6) is a retransmission of the
frame 1 data (packet #1). Thanks.


You are receiving this mail because:
  • You are watching all bug changes.