| Bug ID |
11126
|
| Summary |
The GIOP dissector displays \000 at the end of op strings
|
| Product |
Wireshark
|
| Version |
1.12.4
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
Version 1.12.4 (v1.12.4-0-gb4861da from master-1.12)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
with
MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 4 2015), with
AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz, with 8061MB of physical
memory.
Built using Microsoft Visual C++ 10.0 build 40219
--
GIOP request messages shown in the summary window have \000 displayed on the
end of the operation string. e.g.
18 13:24:49.520921 10.165.180.80 10.162.64.236 GIOP GIOP 1.2
Request, s=164 id=175449: op=newPlayStatus\000
This string is generated in several places in packet-giop.c using code like..
/* length of operation string and string */
len = get_CDR_string(tvb, &operation, &offset, stream_is_big_endian,
GIOP_HEADER_SIZE);
proto_tree_add_uint (request_tree, hf_giop_req_operation_len, tvb, offset - 4
- len, 4, len);
if ( len > 0)
{
col_append_fstr(pinfo->cinfo, COL_INFO, ": op=%s", format_text(operation,
(size_t)len));
proto_tree_add_string(request_tree, hf_giop_req_operation, tvb, offset -
len, len, operation);
}
It would appear that format_text is reading the NULL terminator at the end of
the string and converting it to '\000'. So either format_text is overrunning
the length of the string or the length being passed to it is too large or the
length being returned by get_CDR_string is too large.
Changing the calll to format_text to use len-1 fixes the problem, but may not
be the correct way to fix it.
You are receiving this mail because:
- You are watching all bug changes.