Wireshark-dev: Re: [Wireshark-dev] Malformed packets in CORBA protocol plugin

From: "Anders Broman \(AL/EAB\)" <anders.broman@xxxxxxxxxxxx>
Date: Thu, 7 Dec 2006 15:21:24 +0100
Hi,
You should try to see in packet-giop.c what happens after the output of:
  ServiceContextList
    Sequence Length: 0

My guess is that a sequence length of zero isn't handled properly. I have little time to look at this currently...
 
BR
Anders

________________________________

Från: wireshark-dev-bounces@xxxxxxxxxxxxx genom Andy.Ling@xxxxxxxxxxx
Skickat: to 2006-12-07 14:56
Till: Developer support list for Wireshark
Ämne: Re: [Wireshark-dev] Malformed packets in CORBA protocol plugin



wireshark-dev-bounces@xxxxxxxxxxxxx wrote on 07/12/2006 12:52:43:

> Hi,
> Perhaps a fault in the GIOP dissector. Can you send the text output of
> the failed decoding?
> BR
> Anders
>

I'm not 100% sure which bit you are after, but the packet
bytes look like :-

Frame 199 (130 bytes on wire, 130 bytes captured)

0000   00 01 af 15 fd df 00 30 48 12 04 d4 08 00 45 00  .......0H.....E.
0010   00 74 11 d2 40 00 80 06 9a e6 0a a5 0b 78 0a a5  [email protected]..
0020   2d 0a 04 87 04 04 20 52 7c 07 0d a9 71 d6 50 18  -..... R|...q.P.
0030   fd bb 8e 33 00 00 47 49 4f 50 01 02 01 00 40 00  ...3..GIOP....@.
0040   00 00 ec 00 00 00 03 00 00 00 00 00 00 00 1b 00  ................
0050   00 00 14 01 0f 00 52 53 54 45 6d a5 36 00 05 98  ......RSTEm.6...
0060   4a 00 00 00 01 00 00 00 01 00 00 00 02 00 0b 00  J...............
0070   00 00 67 65 74 52 65 66 54 69 6d 65 00 00 00 00  ..getRefTime....
0080   00 00                                            ..

And the decode window above shows:-

General Inter-ORB Protocol Request
  Request id: 236
  Response flags: SYNC_WITH_TARGET (3)
  Reserved: 0 0 0
  TargetAddress Discriminant: 0
  KeyAddr (object key length): 27
  KeyAddr (object key): ....RSTEm.6...J............
  Operation length: 11
  Request operation: getRefTime
  ServiceContextList
    Sequence Length: 0
[Malformed Packet: Q_QUENTINV3]

If I turn off our Q_QUENTINV3 protocol then the last line is not printed.

Another bit of information that might help. If I set the filter to giop
then the info in the main window looks like :-

Q_QUENTINV3 GIOP 1.2 Request 236: getRefTime[Malformed Packet]

Without the giop filter the "[Malformed Packet]" string is missing

Regards

Andy Ling

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev


<<winmail.dat>>