Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10559] New: IPv6 RPL option is read as less bytes than it is

Wireshark-bugs: [Wireshark-bugs] [Bug 10559] New: IPv6 RPL option is read as less bytes than it

Date: Sat, 11 Oct 2014 08:48:10 +0000

Bug ID	10559
Summary	IPv6 RPL option is read as less bytes than it is
Product	Wireshark
Version	1.12.1
Hardware	x86-64
OS	Windows 7
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 13159 [details]
IPv6 RPL option with data length of 7 bytes that is read as if it was with data
length of 4 bytes

Build Information:
Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
        Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Discovered while working on Pcap.Net (http://pcapdot.net)

In the attached pcap file, there's an IPv6 packet with Hop-by-Hop Option
extension header with several option.
The 6th option is an RPL option.
The data length as written and parsed by Wireshark is 7 so the total length of
the option is 9 bytes, and it is marked correctly.
However, the next option is being read only 6 bytes after the RPL option's
start, instead of 9 bytes and is so read incorrectly.
You can see that when clicking on the two options there 3 bytes overlap between
them.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10559] IPv6 RPL option is read as less bytes than it is
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10559] IPv6 RPL option is read as less bytes than it is
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10559] IPv6 RPL option is read as less bytes than it is
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10559] IPv6 RPL option is read as less bytes than it is
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10542] dissection of sid28 shouldn't show expert info if tree is null
Next by Date: [Wireshark-bugs] [Bug 10560] New: Last Address field for IPv6 RPL routing header is interpreted incorrectly
Previous by thread: [Wireshark-bugs] [Bug 10558] DNP3 Dissector Enhancement for Obj 12 Var 2 and Var 3 Objects + Bug Fix for single-bit object-types
Next by thread: [Wireshark-bugs] [Bug 10559] IPv6 RPL option is read as less bytes than it is
Index(es):
- Date
- Thread