Wireshark-bugs: [Wireshark-bugs] [Bug 4565] New: some ncp frames trigger "Dissector bug, protoco
Date: Mon, 8 Mar 2010 21:22:56 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4565

           Summary: some ncp frames trigger "Dissector bug, protocol NCP"
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jyoung@xxxxxxx


Created an attachment (id=4377)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4377)
odd numbered ncp frames trigger ncp dissector bug

Build Information:
$ tshark -v
TShark 1.3.4 (SVN Rev 32148 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.4, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.0,
with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT
Kerberos, with GeoIP.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5.

Built using Microsoft Visual C++ 9.0 build 30729

--
In the attached trace file the odd numbered frames (the frames sourced from ip
10.1.1.1) trigger a "Dissector bug, protocol NCP" message in both Wireshark and
tshark.

> $ tshark -r ncp.frames1-10.pcap
> 
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 1: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
>   1  0xdd2a (56618)   0.000000     10.1.1.1 -> 10.2.2.2     NCP 1 1    101 101 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
>   2  0xe07c (57468)   0.000050     10.2.2.2 -> 10.1.1.1     NCP 1 48    151 151 R OK
> 
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 3: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
>   3  0xdd2b (56619)   0.000535     10.1.1.1 -> 10.2.2.2     NCP 48 98    101 101 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
>   4  0xe17c (57724)   0.000554     10.2.2.2 -> 10.1.1.1     NCP 98 95    151 151 R OK
> 
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 5: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
>   5  0xdd2c (56620)   0.001024     10.1.1.1 -> 10.2.2.2     NCP 95 195    101 101 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
>   6  0xe27c (57980)   0.001041     10.2.2.2 -> 10.1.1.1     NCP 195 142    151 151 R OK
> 
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 7: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
>   7  0xdd2d (56621)   0.001449     10.1.1.1 -> 10.2.2.2     NCP 142 292    101 101 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
>   8  0xe37c (58236)   0.001463     10.2.2.2 -> 10.1.1.1     NCP 292 189    151 151 R OK
> 
> ** (tshark.exe:5956): WARNING **: Dissector bug, protocol NCP, in packet 9: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address
>   9  0xdfb1 (57265)  41.862824     10.1.1.1 -> 10.2.2.2     NCP 189 389    121 121 C Obtain File or SubDirectory Information[Dissector bug, protocol NCP: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address]
>  10  0x788e (30862)  41.862887     10.2.2.2 -> 10.1.1.1     NCP 389 256    70 70 R No matching files or directories were found
>

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.