Hello.
I'm back with the new bug related to my favourite MEGACO dissector :)
Checked in together with the "BoundsError exception in text MEGACO packets"
Patch.
In the future please send patches as attachments to make it easier to apply
them. You may also want to switch to the Wireshark list.
http://www.wireshark.org/mailman/listinfo
Best regards
Anders
MEGACO dissector fails to decode such a packet:
!/1 <company1.com>:2944
T=2{C=-{N=user_1{OE=1025{20060614T01495601:al/of{init=False}}}}}
It produces the following output:
MEGACO
[skipped for brevity]
Observed Events Descriptor: OE=1025{20060614T01495601:al/of{init=False}}
RequestID: 1025
pkgdName: 20060614T01495601:al/of
init=False
[ Parse error: Invalid offset ]
Parse error irritates me, it should not be here, the packet is valid. So,
the details.
Error occurs in the function which is called
dissect_megaco_observedeventsdescriptor(), line 2047 of packet-megaco.c
because tvb_current_offset is equal to tvb_previous_offset. Let's walk back
in timeand try to understand why they are equal. 1. tvb_current_offset - in
line 2040 there is an attempt to find next parameter. There is no next
parameter, so tvb_current_offset is adjusted in line 2044 to
tvb_observedevents_end_offset. 2. tvb_previous_offset - in line 2039 is
takes value from tvb_current_offset; tvb_current_offset, in turn, is
adjusted in line 1957 and it is equal to tvb_observedevents_end_offset .
So, I concluded that (tvb_current_offset <= tvb_previous_offset) condition
is always true is there is only one parameter in observed event descriptor.
Index: packet-megaco.c
===================================================================
--- packet-megaco.c (revision 18189)
+++ packet-megaco.c (working copy)
@@ -2042,7 +2042,7 @@
if (tvb_current_offset == -1 || tvb_current_offset >
tvb_observedevents_end_offset ){
tvb_current_offset =
tvb_observedevents_end_offset;
}
- if (tvb_current_offset <= tvb_previous_offset) {
+ if (tvb_current_offset < tvb_previous_offset) {
proto_tree_add_text(megaco_observedevent_tree, tvb, 0, 0, "[ Parse error:
Invalid offset ]");
return;
}
============== The patch ends ===================
Best,
Eugene Tarlovskij