Wireshark-bugs: [Wireshark-bugs] [Bug 1132] TLS decryption incorrectly decrypting http packet?
Date: Thu, 28 Sep 2006 20:46:51 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1132





------- Comment #3 from phantal@xxxxxxxxx  2006-09-28 20:46 GMT -------
  There's another problem I neglected to mention in the original bug
description.  The http dissector is setting pinfo->cinfo on this packet to not
writable.  I think what happens is something along these lines:

1) SSL dissector hands off the tvb to the http dissector
2) http dissector sets column contents during dissect_http_message
3) http dissector sets pinfo->cinfo->writable=FALSE
4) SSL dissector hands a/the [wrong?] tvb off to the http dissector (the 2nd
TLSv1 record)
5) The http dissector can't set the column contents properly during the call to
dissect_http_message.  I'm unsure of this, but I think the SSL dissector
changed the column contents again, but the writable status stays FALSE ... this
doesn't make any sense?  Consequently the column contents are now TLSv1 and
[SSL segment of a reassembled PDU].
6) http dissector uses the data it was passed (the tvb it was passed the first
time?) and generates a 2nd proto tree, with identical information to the 1st.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.