Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10988] New: Wireshark ignores DNS Client Subnet option's data length when it's

Wireshark-bugs: [Wireshark-bugs] [Bug 10988] New: Wireshark ignores DNS Client Subnet option's d

Date: Sat, 21 Feb 2015 13:36:00 +0000

Bug ID	10988
Summary	Wireshark ignores DNS Client Subnet option's data length when it's too long
Product	Wireshark
Version	1.12.3
Hardware	x86-64
OS	Windows 7
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 13461 [details]
DNS Client Subnet Option

Build Information:
Version 1.12.3 (v1.12.3-0-gbb3e9a0 from master-1.12)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Jan  7 2015),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
        Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Discovered while working on Pcap.Net (http://pcapdot.net).

In the attached pcap file there's a single DNS packet with an OPT RR as the
third additional RRs.
This RR's 7th option is a Client Subnet option.
Even though this option length is written to be 53 bytes and the option's data
is indeed read until 0x0213, the next option isn't being read from 0x0214, but
from 0x01F3.
This is probably related to the fact that Client Subnet address length is
assumed to be no longer than 16 bytes, but since Wireshark reads the option
data correctly, it doesn't make sense to read the next option from a location
that is within the current option's data.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10988] Wireshark ignores DNS Client Subnet option's data length when it's too long
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10988] Wireshark ignores DNS Client Subnet option's data length when it's too long
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10988] Wireshark ignores DNS Client Subnet option's data length when it's too long
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10987] New: double-free and use-after-free since "Call pre_init_prefs each time our profile changes"
Next by Date: [Wireshark-bugs] [Bug 10990] New: DNS data in IPv4 in ICMP isn't parsed as UDP
Previous by thread: [Wireshark-bugs] [Bug 10987] double-free and use-after-free since "Call pre_init_prefs each time our profile changes"
Next by thread: [Wireshark-bugs] [Bug 10988] Wireshark ignores DNS Client Subnet option's data length when it's too long
Index(es):
- Date
- Thread