Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10513] New: parse problem in RTP dissect_rtp_hext_rfc5215

Wireshark-bugs: [Wireshark-bugs] [Bug 10513] New: parse problem in RTP dissect_rtp_hext_rfc5215_

Date: Mon, 29 Sep 2014 11:01:22 +0000

Bug ID	10513
Summary	parse problem in RTP dissect_rtp_hext_rfc5215_onebyte
Product	Wireshark
Version	unspecified
Hardware	x86
OS	All
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	sergio.morenomozota@telefonica.com

Build Information:
wireshark 1.12.0 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.14.1, with Cairo 1.13.1, with Pango 1.36.7, with
GLib 2.41.5, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux),
with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without Python,
with GnuTLS 3.2.16, with Gcrypt 1.5.4, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Feb 25 2014 21:09:53), without AirPcap.

Running on Linux 3.16.0-18-generic, with locale en_US.UTF-8, with libpcap
version 1.6.2, with libz 1.2.8, GnuTLS 3.2.16, Gcrypt 1.5.4.
Intel(R) Core(TM) i7-4750HQ CPU @ 2.00GHz

Built using gcc 4.9.1.
--
some commercial IPTV streamers send bogus info in the extension headers, add
some sanity check to skip the erroneous bytes.

Affected Version: All versions

the following patch is able to resolve the issue and give a clean trace of the
mp2t files:

sergio@MBP:~/wireshark/wireshark-1.12.0+git+4fab41a1/epan/dissectors$ diff -c 
packet-rtp.c.old packet-rtp.c
*** packet-rtp.c.old    2014-09-29 10:24:07.848699977 +0200
--- packet-rtp.c    2014-09-29 10:14:54.116722160 +0200
***************
*** 1832,1837 ****
--- 1832,1844 ----
              return;

          ext_length = (ext_hdr_hdr & 0x0F) + 1;
+ 
+     /* Exit on malformed extension headers */
+     if (ext_offset + ext_length + 1 > tvb_captured_length (tvb)) {
+         ext_offset = tvb_captured_length (tvb);
+         continue;
+     }
+ 
          if (rtp_hext_tree) {
              ti = proto_tree_add_text(rtp_hext_tree, tvb, ext_offset,
ext_length + 1, "RFC 5285 Header Extension (One-Byte Header)");
              rtp_hext_rfc5285_tree = proto_item_add_subtree( ti,
ett_hdr_ext_rfc5285);

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10513] parse problem in RTP dissect_rtp_hext_rfc5215_onebyte
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10513] parse problem in RTP dissect_rtp_hext_rfc5215_onebyte
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10512] LLDP TIA Network Policy Unknown Policy Flag Decode is not correct.
Next by Date: [Wireshark-bugs] [Bug 10452] Support for Android Debug Bridge (ADB) payloads over USB
Previous by thread: [Wireshark-bugs] [Bug 10512] LLDP TIA Network Policy Unknown Policy Flag Decode is not correct.
Next by thread: [Wireshark-bugs] [Bug 10513] parse problem in RTP dissect_rtp_hext_rfc5215_onebyte
Index(es):
- Date
- Thread