Wireshark-bugs: [Wireshark-bugs] [Bug 2376] UDP packet (KLive) wrongly dissected as " Redback La
Date: Thu, 10 Apr 2008 02:43:45 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2376





--- Comment #2 from Michael McCartney <mccart@xxxxxxxxxxxxxxxxxx>  2008-04-10 02:43:43 GMT ---
The following one line change to resolved the same issue for me

=== epan/dissectors/packet-redbackli.c
==================================================================
--- epan/dissectors/packet-redbackli.c
+++ epan/dissectors/packet-redbackli.c
@@ -201,7 +201,7 @@
                        case(RB_AVP_LABEL):
                                break;
                        case(RB_AVP_EOH):
-                               if (avplen > 1)
+                               if (avplen > 1 || offset == 0)
                                        return FALSE;
                                eoh=1;
                                break;

Based on quick review of the redbackli code, it does not
appear to expect a redbackli frame to begin with end of 
header marker.  Is there any overview, standards, wiki
or anything of this protocol anywhere?  Goggle doesnt
turn up anything.

I think this dissector should have an enable/disable option 
since it only looks at the first two octet, and in this 
particular case, the first two octets are null and processed 
as EOH then goes off the rail.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.