Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11354] New: PIM null-register according to rfc4601 is incorrectly parsed

Wireshark-bugs: [Wireshark-bugs] [Bug 11354] New: PIM null-register according to rfc4601 is inco

Date: Fri, 10 Jul 2015 14:04:38 +0000

Bug ID	11354
Summary	PIM null-register according to rfc4601 is incorrectly parsed
Product	Wireshark
Version	1.12.6
Hardware	x86
OS	Windows 7
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 13725 [details]
sample null-register

Build Information:
wireshark 1.12.3 (v1.12.3-0-gbb3e9a0 from master-1.12)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Jan  7 2015),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
       Intel(R) Core(TM) i5-3380M CPU @ 2.90GHz, with 8123MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219
--
rfc 2362, section 4.3 specifies that the dummy header of a null-register should
only contain S and G but rfc 4601 section 4.9.3 updates this with the
following:
When generating an IPv4 Null-Register
        message, the fields in the dummy IPv4 header SHOULD be filled in
        according to the following table.  Other IPv4 header fields may
        contain any value that is valid for that field.

        Field                  Value
        ---------------------------------------
        IP Version             4
        Header Length          5
        Checksum               Header checksum
        Fragmentation offset   0
        More Fragments         0
        Total Length           20
        IP Protocol            103 (PIM)

The current dissector seems to assume the ip version field is still 0.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 11310] reassembly of RTP (rtp.pt) does not work
Next by Date: [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
Previous by thread: [Wireshark-bugs] [Bug 11353] Buildbot crash output: fuzz-2015-07-09-18276.pcap
Next by thread: [Wireshark-bugs] [Bug 11354] PIM null-register according to rfc4601 is incorrectly parsed
Index(es):
- Date
- Thread