Wireshark-bugs: [Wireshark-bugs] [Bug 8364] Denial of Service in packet-reload.c
Date: Thu, 21 Feb 2013 02:51:36 +0000

changed bug 8364

What Removed Added
Status UNCONFIRMED CONFIRMED
Ever confirmed   1

Comment # 1 on bug 8364 from
And it also seems that the reload dissector is incorrectly dissecting the
diagnostic request.  According to
http://tools.ietf.org/html/draft-ietf-p2psip-diagnostics-10#section-5.1.1:

               struct{
                   uint64 expiration;
                   uint64 timestamp_initiated;
                   uint64 dMFlags;
                   uint32 length;
                   DiagnosticExtension diagnostic_extensions[length];
                }DiagnosticsRequest;

... yet dissect_diagnosticrequest() dissects as follows:

  local_offset += 8;
  proto_tree_add_item(local_tree,
hf_reload_diagnosticrequest_timestampinitiated, tvb,
                      offset+local_offset, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
  local_offset += 8;
  local_length = tvb_get_ntohl(tvb, offset+local_offset);

i.e., it treats the 4 bytes following the "timestamp_initiated" as the length
when it should be the dMFlags.  I noticed that the description for the length
precedes the description for the dMFlags, so I got to thinking that maybe those
fields were reversed in earlier drafts.  As it turns out, dMFlags was not even
present in
http://tools.ietf.org/html/draft-ietf-p2psip-diagnostics-08#section-5.1.1.


You are receiving this mail because:
  • You are watching all bug changes.