Ethereal-dev: Re: [ethereal-dev] A possible bug in IP_OPTION dissector.
On mar, fév 01, 2000 at 08:35:33 +0200, Paul Ionescu wrote:
>
> Hello,
>
> I captured a ping from a NT with timestamp enabled in IP header. The
> capture is attached to this email. I think that there is a bug in
> "dissect_ipopt_timestamp" function. The host IP from
> IP->Options->Timestamp is wrong. It should be 10.1.1.1 but instead is
> 3.219.180.46 which is the time field. I think that is a offset
> problem. And the displayed field is wrong too. When I select any of
> the "Address field", in the data field are highlited first 8 bytes
> from IP options.
Here is a patch to correct this. I checked the updated packet-ip.c in
the CVS tree.
Olivier
diff -u -r1.71 packet-ip.c
--- packet-ip.c 2000/01/24 04:44:35 1.71
+++ packet-ip.c 2000/02/02 22:02:32
@@ -526,25 +526,18 @@
while (optlen > 0) {
if (flg == IPOPT_TS_TSANDADDR) {
- if (optlen < 4) {
- proto_tree_add_text(field_tree, offset + optoffset, optlen,
- "(suboption would go past end of option)");
- break;
- }
/* XXX - check whether it goes past end of packet */
- ts = pntohl(opd);
- opd += 4;
- optlen -= 4;
- if (optlen < 4) {
+ if (optlen < 8) {
proto_tree_add_text(field_tree, offset + optoffset, optlen,
"(suboption would go past end of option)");
break;
}
- /* XXX - check whether it goes past end of packet */
memcpy((char *)&addr, (char *)opd, sizeof(addr));
+ opd += 4;
+ ts = pntohl(opd);
opd += 4;
- optlen -= 4;
- proto_tree_add_text(field_tree, offset, 8,
+ optlen -= 8;
+ proto_tree_add_text(field_tree, offset + optoffset, 8,
"Address = %s, time stamp = %u",
((addr.s_addr == 0) ? "-" : (char *)get_hostname(addr.s_addr)),
ts);
--
Hokey religions and ancient weapons are no substitute for a good blaster at
your side.
- Han Solo