Wireshark-users: Re: [Wireshark-users] [BUG] BJNP protocol (maybe overflow)

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Sat, 9 Jan 2010 13:19:54 -0700

On Jan 9, 2010, at 6:06 AM, Ershov Pavel wrote:

If you send a packet protocol BJNP (which sends CUPS), then wireshrk displays it incorrectly. When sending multiple identical packets, displaying changes.

Thanks for your report and the sample code to reproduce it! The dissector's code was putting the string in the INFO column and then freeing it without copying it first. I just fixed that in SVN revision 31472 (http://anonsvn.wireshark.org/viewvc?view=rev&revision=31472 ) of the development 1.3.x version of Wireshark. I will put in a request that this fix be copied over to future 1.2.x releases. This dissector is not in the 1.0.x releases.


Steve