Wireshark-bugs: [Wireshark-bugs] [Bug 1124] Application level protocol PDUs not dissected proper
Date: Fri, 30 Mar 2007 10:05:10 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124

------- Comment #6 from shehjart@xxxxxxxxxxxxxxx  2007-03-30 10:05 GMT -------
Here's my two segments...er...bits about how I understand this problem. My
checkout revision number is 21281.

In desegment_tcp, we check for ipfd_head to contain the defragmented bytes,
which were requested by the bittorrent dissector through pinfo->desegment_len
and pinfo->desegment_offset, in the previous iteration of desegment_tcp's loop.
This check is on line 1198.

For simplicity, just assume that the frag header is 4 bytes long. In this case
and iteration, the desegmented bytes are the 4 header bytes requested by the
tcp_dissect_pdus() in dissect_bittorrent(). For these 4 bytes, we create a new
tvbuff_t to contain the desegmented bytes, called next_tvb. Then we call the
process_tcp_payload() for just these 4 bytes. Nothing wrong in that I think.

After this call returns, pinfo->desegment_offset should be 0 and desegment_len,
1442, as specified in the frag header, because tcp_dissect_pdus in
dissect_bittorrent will not find any of the 1442 bytes in the next_tvb.

The first problem I hit into is, as Igor mentioned, the -1 for old_len on line
1243. Even if I change the check, the defragmentation doesn't happen correctly
because in that if block, we are updating the msp with sequence numbers beyond
the current tvb, whereas the needed bytes are available in tvb. I am not
completely sure about how multisegment_pdus are managed but I think moving the
sequence numbers beyond the current tvb makes lookup functions earlier in the
loop overlook the current tvb.

So effectively, we dissect the frag header bytes as one tvbuff and the actual
bytes of the fragment as a separate tvbuff, which makes the second tvbuff
appear corrupted.

We might need to branch it out as,

1. To handle previously incomplete fragments that are completed in the current
tvb.

2. To handle segments starting in the middle of the current tvb and going
beyond the current tvb.

Some help with how multisegment_pdus are managed might help me in understanding
this better.

More later.
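A simplified model of the two cases listed in the comment above, given as an added example; it is not Wireshark code and not part of the original comment. It keeps one reassembly state across TCP segments so that a 4-byte header and its body are delivered as one PDU; the names `reasm_t`, `reasm_feed`, `MAX_PDU` and the big-endian length header are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HDR_LEN 4       /* assumed: 4-byte big-endian length header */
#define MAX_PDU 65536   /* assumed cap: a hostile length must not force unbounded buffering */

/* Hypothetical state for one direction of a stream; not Wireshark's msp structure. */
typedef struct {
    uint8_t buf[HDR_LEN + MAX_PDU];
    size_t  have;       /* bytes buffered for the PDU in progress */
    size_t  need;       /* bytes wanted in total; HDR_LEN until the header is parsed */
    int     pdus;       /* complete PDUs delivered so far */
    size_t  last_len;   /* body length of the most recently completed PDU */
} reasm_t;

void reasm_init(reasm_t *r) { memset(r, 0, sizeof *r); r->need = HDR_LEN; }

/* Feed one segment payload. Returns the number of PDUs completed by it,
 * or -1 if a header announces a body larger than MAX_PDU (state is then unusable). */
int reasm_feed(reasm_t *r, const uint8_t *seg, size_t len)
{
    int done = 0;
    size_t off = 0;
    while (off < len) {
        size_t take = r->need - r->have;
        if (take > len - off) take = len - off;
        memcpy(r->buf + r->have, seg + off, take);
        r->have += take;
        off += take;
        if (r->have < r->need) break;          /* case 2: PDU runs past this segment */
        if (r->need == HDR_LEN) {              /* header complete: learn the body length */
            uint32_t body = ((uint32_t)r->buf[0] << 24) | ((uint32_t)r->buf[1] << 16) |
                            ((uint32_t)r->buf[2] << 8) | r->buf[3];
            if (body > MAX_PDU) return -1;
            r->need = HDR_LEN + body;
            if (body != 0) continue;           /* keep the header and go on to the body */
        }
        r->last_len = r->need - HDR_LEN;       /* case 1: PDU completed in this segment */
        r->pdus++;
        done++;
        r->have = 0; r->need = HDR_LEN;        /* next PDU may start mid-segment */
    }
    return done;
}
```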