First a bit of history for those not keeping up.
I have found that any CORBA dissector built using the
omniidl / python stuff marks a packet as Malformed
for CORBA 1.2 requests that don't have any arguments.
I have tracked the problem down to a ReportedBoundsError
exception being thrown by start_dissecting calling
proto_tree_add_item when there are no arguments to
be added.
It looks like this is a CORBA 1.2 problem and is being
caused by packet-giop.c
In dissect_giop_request_1_2 there is some code that looks like :-
decode_ServiceContextList(tvb, request_tree, &offset,
stream_is_big_endian, GIOP_HEADER_SIZE);
/*
* GIOP 1.2 Request body must fall on an 8 octet alignment, taking into
* account we are in a new tvbuff, GIOP_HEADER_SIZE octets from the
* GIOP octet stream start.
*/
set_new_alignment(&offset, GIOP_HEADER_SIZE, 8);
When there are no arguments the service context list is empty
so the call to set_new_alignment may and usually does, set
the offset beyond the length of the buffer.
proto_tree_add_item is designed to cope with offset equal to
the buffer length, but not beyond it. So it throws.
There are several ways to fix this and I don't know enough about
the code to know which is the best.
A fairly "safe" fix is to change start_dissecting in wireshark_gen.py
to look like :-
static proto_tree *start_dissecting(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *ptree, int *offset) {
proto_item *ti = NULL;
proto_tree *tree = NULL; /* init later, inside if(tree) */
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Q_QUENTINV3");
/*
* Do not clear COL_INFO, as nothing is being written there by
* this dissector yet. So leave it as is from the GIOP dissector.
* TODO: add something useful to COL_INFO
* if (check_col(pinfo->cinfo, COL_INFO))
* col_clear(pinfo->cinfo, COL_INFO);
*/
+ if (tvb_length_remaining(tvb, *offset) < 0)
+ return NULL ;
if (ptree) {
......
Regards
Andy Ling