Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10536] New: smtp decoder can dump binary data to terminal in tshark

Wireshark-bugs: [Wireshark-bugs] [Bug 10536] New: smtp decoder can dump binary data to terminal

Date: Tue, 07 Oct 2014 15:43:04 +0000

Bug ID	10536
Summary	smtp decoder can dump binary data to terminal in tshark
Product	Wireshark
Version	1.12.1
Hardware	x86
OS	Windows 7
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 13136 [details]
SMTP TLS partial capture

Build Information:
TShark 1.12.1 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.40.0, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with
Lua
5.2, without Python, with GnuTLS 3.3.7, with Gcrypt 1.6.2, with MIT Kerberos,
with GeoIP.

Running on Linux 3.16-2-amd64, with locale en_US.UTF-8, with libpcap version
1.6.2, with libz 1.2.8.
Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz

Built using gcc 4.9.1.

--
If the SMTP decoder misses the STARTTLS part of the protocol, it can dump
binary data to the terminal which can mess it up.

Attached is a single frame from an SMTP TLS transaction on my mailserver that
reproduces the issue cleanly. I can also attach the full SMTP TLS transaction,
but tshark handles that just fine.

$ tshark -n -r smtptls.pcap
  1   0.000000 2600:3c03::f03c:91ff:fe96:b31a -> 2001:470:1f11:7b5::14 SMTP
1359 C: ��?����X6�B�x�6�(�����>��d|�:5CIs�`�r��5�������W (it keeps going, no
reason to paste it all)

It varies a little bit sometimes it looks more like this:
$ tshark -n -r smtptls.pcap 
  1   0.000000 2600:3c03::f03c:91ff:fe96:b31a -> 2001:470:1f11:7b5::14 SMTP
1359 C: ô?¿¬íX6Bäxæ6(¤ë枵>d|Ö:5CIs¡`½ré×5û¶¯ôW

tshark 1.10.7, 1.10.10, and 1.12.1 are all affected. I'm not really sure where
it started, but FWIW tshark 0.99.5 handled it fine:

# tshark -n -r smtptls.pcap 
  1   0.000000 2600:3c03::f03c:91ff:fe96:b31a -> 2001:470:1f11:7b5::14 SMTP
Message Body

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10536] smtp decoder can dump binary data to terminal in tshark
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10536] smtp decoder can dump binary data to terminal in tshark
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10536] smtp decoder can dump binary data to terminal in tshark
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10527] The SMB2 dissector does not handle SVHDX Extra Create Parameters (HyperV related)
Next by Date: [Wireshark-bugs] [Bug 10536] smtp decoder can dump binary data to terminal in tshark
Previous by thread: [Wireshark-bugs] [Bug 10535] Statistics -> Packet Lengths: Incorrect average packet size
Next by thread: [Wireshark-bugs] [Bug 10536] smtp decoder can dump binary data to terminal in tshark
Index(es):
- Date
- Thread