Wireshark-bugs: [Wireshark-bugs] [Bug 10615] New: DNS NXT RR is parsed incorrectly
Date: Fri, 24 Oct 2014 14:31:05 +0000
Bug ID 10615
Summary DNS NXT RR is parsed incorrectly
Product Wireshark
Version 1.12.1
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter boaz.brickner@gmail.com

Created attachment 13193 [details]
DNS NXT packet

Build Information:
Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
        Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Discovered while working on Pcap.Net (http://pcapdot.net).

In the attached pcap file, there's a single DNS packet.
The DNS packet has 4 queries RRs, 5 answers RRs, 3 authoritative nameservers
RRs and 3 additional RRs.
The queries RRs and answers RRs are parsed fine.
However, only the first 2 authoritative RRs are parsed and none of the 3
additional RRs are parsed.
The second authoritative RR is of type NXT, and even though it has data length
of 9, Wireshark reads all the bytes until the end of the packet as if they are
part of bitmap in this RR (it reads 317 bytes too many).
This causes it to not parse the rest of the RRs correctly.


You are receiving this mail because:
  • You are watching all bug changes.