Wireshark-users: [Wireshark-users] LDAP dissector reports malformed filter in search requests (v1.
Wireshark 1.4.4 reports a malformed packet when parsing the filter in an LDAP searchRequest. Is this a bug, or something I can work around?
Specifically, I get these error messages:
Expert Info (Error/Undecoded):
Found more than 200 filter elements. Giving up.
Expert Info (Error/Malformed):
Malformed Packet (Exception occurred).
As an example, here is a simple LDAPMessage showing the problem:
LDAPMessage:
frame[54:45] == 30:2b:02:01:04:63:26:04:00:0a:01:00:0a:01:00:02:01:00:02:02
:02:58:01:01:00:87:0b:6f:62:6a:65:63:74:63:6c:61:73:73:30:05:04:03:31:2e:31
(Manual parse below.)
I'm getting this in all LDAP searchRequests. I don't see problems with LDAP messages other than searchRequest.
Version 1.4.4 (SVN Rev 36110 from /trunk-1.4)
Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 1 2011), with AirPcap.
Running on Windows Server 2003 Service Pack 2, build 3790, with WinPcap version 4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.
Manual parse:
30 2b                                     # SEQUENCE
02 01 04                                  # MessageID INTEGER
63 26                                     # [Application 3] SEQUENCE
04 00                                     # baseObject LDAPDN (OCTET STRING)
0a 01 00                                  # scope ENUMERATED
0a 01 00                                  # derefAliases ENUMERATED
02 01 00                                  # sizeLimit INTEGER
02 02 02 58                               # timeLimit INTEGER (600)
01 01 00                                  # typesOnly BOOLEAN
The error seems to occur in parsing the "filter", which has exactly one element.
87 0b 6f 62 6a 65 63 74 63 6c 61 73 73    # filter : present [7] AttributeType "objectclass"
30 05                                     # attributes SEQUENCEOF
04 03 31 2e 31                            # "1.1"
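
An independent decode of the bytes quoted in the post, added here as an example and not part of the original message or of Wireshark's dissector: a minimal definite-length BER reader (all function names are this example's own) that walks the searchRequest fields and counts the nodes in the filter.

```python
HEX = ("30:2b:02:01:04:63:26:04:00:0a:01:00:0a:01:00:02:01:00:02:02"
       ":02:58:01:01:00:87:0b:6f:62:6a:65:63:74:63:6c:61:73:73:30:05:04:03:31:2e:31")
MSG = bytes.fromhex(HEX.replace(":", ""))  # the 45 bytes quoted in the post

def read_tlv(buf, off=0):
    """Decode one definite-length BER element: (tag, value, next_offset)."""
    if off + 2 > len(buf) or buf[off] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[off:off + length], off + length

def children(value):
    """Split a constructed value into its (tag, value) elements."""
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def count_filter_nodes(tag, val):
    """and [0], or [1] and not [2] wrap further filters; the rest are leaves."""
    if tag in (0xA0, 0xA1, 0xA2):
        return 1 + sum(count_filter_nodes(t, v) for t, v in children(val))
    return 1

def parse_search_request(msg):
    tag, body, end = read_tlv(msg)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    msg_id, (op_tag, op) = children(body)[:2]
    if msg_id[0] != 0x02 or op_tag != 0x63:
        raise ValueError("not a searchRequest [APPLICATION 3]")
    base, scope, deref, size, time, types, filt, attrs = children(op)
    num = lambda tv: int.from_bytes(tv[1], "big", signed=True)
    return {
        "message_id": num(msg_id), "base_dn": base[1].decode(),
        "scope": num(scope), "deref": num(deref),
        "size_limit": num(size), "time_limit": num(time),
        "types_only": types[1] != b"\x00",
        "filter_tag": filt[0], "filter_value": filt[1].decode(),
        "filter_nodes": count_filter_nodes(*filt),
        "attributes": [v.decode() for _, v in children(attrs[1])],
    }
```

Every length in the message is consistent with the buffer, and the filter decodes to a single primitive `[7]` (present) element.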