Wireshark-bugs: [Wireshark-bugs] [Bug 2376] UDP packet (KLive) wrongly dissected as " Redback La
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2376
--- Comment #2 from Michael McCartney <mccart@xxxxxxxxxxxxxxxxxx> 2008-04-10 02:43:43 GMT ---
The following one line change to resolved the same issue for me
=== epan/dissectors/packet-redbackli.c
==================================================================
--- epan/dissectors/packet-redbackli.c
+++ epan/dissectors/packet-redbackli.c
@@ -201,7 +201,7 @@
case(RB_AVP_LABEL):
break;
case(RB_AVP_EOH):
- if (avplen > 1)
+ if (avplen > 1 || offset == 0)
return FALSE;
eoh=1;
break;
Based on quick review of the redbackli code, it does not
appear to expect a redbackli frame to begin with end of
header marker. Is there any overview, standards, wiki
or anything of this protocol anywhere? Goggle doesnt
turn up anything.
I think this dissector should have an enable/disable option
since it only looks at the first two octet, and in this
particular case, the first two octets are null and processed
as EOH then goes off the rail.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.