Bug ID | 11335
Summary | TFTP heuristic dissector for TURN ChannelData incorrectly matches sometimes
Product | Wireshark
Version | 1.12.6
Hardware | All
OS | All
Status | UNCONFIRMED
Severity | Minor
Priority | Low
Component | Dissection engine (libwireshark)
Assignee | [email protected]
Reporter | [email protected]
Created attachment 13708
example capture showing the problem
Build Information:
Wireshark 1.99.8 (v1.99.8rc0-230-gb0b027d from master)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 3.10.8, with Cairo 1.13.1, with Pango 1.36.3, with
libpcap, with POSIX capabilities (Linux), without libnl, with libz 1.2.8, with
GLib 2.40.2, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS
2.12.23, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Feb 25 2014 21:09:53), without AirPcap.
Running on Linux 3.13.0-55-generic, with locale en_US.UTF-8, with libpcap
version 1.5.3, with libz 1.2.8, with GnuTLS 2.12.23, with Gcrypt 1.5.3.
Intel(R) Core(TM) i7-4980HQ CPU @ 2.80GHz
Built using gcc 4.8.4.
--
As shown in the attached capture file for packets #9 and #13, the TFTP
heuristic dissector incorrectly matches TURN ChannelData message data content
when it shouldn't.
Unfortunately, the TFTP protocol has very little constrained structure to
perform heuristic detection with. So at the very least, there needs to be a
preference option to disable it, and it should probably be disabled by default.
This problem was also mentioned in the "Known Issues" section of:
http://www.myskypelab.com/2014/05/microsoft-lync-wireshark-plugin.html