Wireshark-bugs: [Wireshark-bugs] [Bug 4214] If the contents of an OCTET STRING is dissected as a
Date: Sun, 2 Jan 2011 13:33:58 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4214

Guy Harris <guy@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|fuzz testing reports        |If the contents of an OCTET
                   |possible dissector bug:     |STRING is dissected as a
                   |H248,                       |non-byte-array and
                   |                            |non-string field, a
                   |                            |dissector bug is reported
                   |                            |if the length is wrong

--- Comment #4 from Guy Harris <guy@xxxxxxxxxxxx> 2011-01-02 13:33:56 PST ---
That *particular* error doesn't show up with that capture, at least not with
the version of Wireshark I'm using, because the BER code detects that the
ipv4address runs past the end of the item containing it before it even tries
dissecting it as an IPv4 address.

However, the bug still exists.  I've checked in a change to the BER code, so
that, when it tries to dissect the contents of an OCTET STRING as a particular
field, it checks the type of the field and the length of the OCTET STRING, and,
if the length isn't appropriate for the type, it marks it as an invalid length,
complete with an expert info item.

Unfortunately, that means that the BER code currently knows what the
appropriate lengths are, and that can get out of sync with what
proto_tree_add_item() thinks, so I'm not sure I like this as the ultimate
solution.  I'll leave the bug open for now.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.