Wireshark-bugs: [Wireshark-bugs] [Bug 11249] New: SIP MIME body containing ISUP does not decode

Date: Wed, 03 Jun 2015 18:51:28 +0000
Bug ID 11249
Summary SIP MIME body containing ISUP does not decode properly
Product Wireshark
Version 1.12.5
Hardware x86
OS Windows 8.1
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Build Information:
Version 1.12.5 (v1.12.5-0-g5819e5b from master-1.12)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built May 12 2015),
with AirPcap.

Running on 64-bit Windows 8.1, build 9600, with WinPcap version 4.1.3
(packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz, with 16263MB of physical memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Issue: ISUP body in SIP MIME does not decode properly.

Scenario:
I have just upgraded to the latest updates, which upgraded to 1.12.5.
It used to decode correctly until now; I am seeing this bug only recently.

Description:
SIP uses \r\n (i.e. 0x0d0a) as the end-of-line delimiter. Normally, in the
MIME body, it uses one empty line containing CRLF (\r\n). The new upgrade of
Wireshark is not reading this new line and starts to decode the ISUP body in
the MIME directly, which results in wrong decoding, as it takes the message
type as 0x0d, which is not the correct message type.

Although I see this randomly, only for IAM and ANM messages.

--------------------------------------------
Sample Hex dump: search for "0d 0a 0d 0a 01"
--------------------------------------------
0000   43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70  Content-Type: ap
0010   70 6c 69 63 61 74 69 6f 6e 2f 49 53 55 50 3b 76  plication/ISUP;v
0020   65 72 73 69 6f 6e 3d 69 74 75 2d 74 38 38 3b 62  ersion=itu-t88;b
0030   61 73 65 3d 49 54 55 2d 54 38 38 0d 0a 0d 0a 01  ase=ITU-T88.....
0040   11 49 00 0a 03 02 0a 08 85 90 41 80 23 81 96 08  .I........A.#...
0050   0a 07 83 13 04 08 00 00 11 1d 03 90 90 a3 00     ...............
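
The check described in the report, as an added example (not part of the original report and not Wireshark code): it locates the empty line in the dumped MIME part, reads the ISUP message type from the first body byte, and shows what a decoder reads if it starts on the empty line instead. The function names are hypothetical, and the small message type table is taken from ITU-T Q.763, not from the report.

```python
# Added example. SAMPLE reproduces the hex dump from the report.
CRLF = b"\r\n"

# A few ISUP message type codes (ITU-T Q.763); assumption, not from the report.
ISUP_TYPES = {0x01: "IAM", 0x06: "ACM", 0x09: "ANM",
              0x0C: "REL", 0x0D: "SUS", 0x10: "RLC"}

SAMPLE = (
    b"Content-Type: application/ISUP;version=itu-t88;base=ITU-T88\r\n\r\n"
    + bytes.fromhex(
        "01 11 49 00 0a 03 02 0a 08 85 90 41 80 23 81 96 08 "
        "0a 07 83 13 04 08 00 00 11 1d 03 90 90 a3 00"
    )
)


def body_offset(part: bytes) -> int:
    """Offset of the first body byte, just past the empty line (CRLF CRLF)."""
    sep = part.find(CRLF + CRLF)
    if sep < 0:
        raise ValueError("no empty line between MIME headers and body")
    return sep + 2 * len(CRLF)


def message_type(part: bytes, offset: int) -> tuple:
    """(code, name) of the ISUP message type byte found at offset."""
    if not 0 <= offset < len(part):
        raise ValueError("offset is outside the MIME part")
    code = part[offset]
    return code, ISUP_TYPES.get(code, "unknown")


def check_dissection(part: bytes, reported_type: int) -> str:
    """Compare a decoder's reported ISUP message type with the raw bytes."""
    start = body_offset(part)
    actual, _ = message_type(part, start)
    if reported_type == actual:
        return "ok"
    # Decoding began on the empty line: its CR (0x0d) was read as the type.
    if reported_type == part[start - len(CRLF)]:
        return "blank-line-not-consumed"
    return "mismatch"


if __name__ == "__main__":
    start = body_offset(SAMPLE)
    print(hex(start), message_type(SAMPLE, start))   # correct body start
    print(message_type(SAMPLE, start - len(CRLF)))   # start on the empty line
    print(check_dissection(SAMPLE, 0x0D))
```

Because 0x0d is itself an assigned ISUP message type, a decoder that starts two bytes early produces a plausible-looking but wrong message rather than an obvious error.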

