Wireshark-bugs: [Wireshark-bugs] [Bug 11335] New: TFTP heuristic dissector for TURN ChannelData
Date: Sat, 04 Jul 2015 03:10:11 +0000
Bug ID: 11335
Summary: TFTP heuristic dissector for TURN ChannelData incorrectly matches sometimes
Product: Wireshark
Version: 1.12.6
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: Minor
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: hadrielk@yahoo.com

Created attachment 13708 [details]
example capture showing the problem

Build Information:
Wireshark 1.99.8 (v1.99.8rc0-230-gb0b027d from master)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.10.8, with Cairo 1.13.1, with Pango 1.36.3, with
libpcap, with POSIX capabilities (Linux), without libnl, with libz 1.2.8, with
GLib 2.40.2, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS
2.12.23, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Feb 25 2014 21:09:53), without AirPcap.

Running on Linux 3.13.0-55-generic, with locale en_US.UTF-8, with libpcap
version 1.5.3, with libz 1.2.8, with GnuTLS 2.12.23, with Gcrypt 1.5.3.
Intel(R) Core(TM) i7-4980HQ CPU @ 2.80GHz

Built using gcc 4.8.4.
--
As shown in the attached capture file for packets #9 and #13, the TFTP
heuristic dissector incorrectly matches TURN ChannelData message data content
when it shouldn't. 

Unfortunately, the TFTP protocol has very little constrained structure to
perform heuristic detection with. So at the very least, there needs to be a
preference option to disable it, and it should probably be disabled by default.

This problem was also mentioned in the "Known Issues" section of:
http://www.myskypelab.com/2014/05/microsoft-lync-wireshark-plugin.html
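
The weakness described in the report above, as an added C example (not Wireshark's dissector code and not part of the original report): a hypothetical opcode-only TFTP check accepts the application data of a constructed TURN ChannelData message, while a stricter RFC 1350 layout check rejects it. The function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Constructed sample: ChannelData on channel 0x4000 with 8 bytes of
 * application data that happen to begin with 0x0004. */
const uint8_t sample_msg[] = { 0x40, 0x00, 0x00, 0x08,
                               0x00, 0x04, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc };

/* TURN ChannelData (RFC 5766): channel number 0x4000-0x7FFF, 16-bit length,
 * then application data. Returns the data, or NULL if not ChannelData. */
const uint8_t *channeldata_payload(const uint8_t *m, size_t len, size_t *plen)
{
    if (len < 4 || be16(m) < 0x4000 || be16(m) > 0x7FFF) return NULL;
    *plen = be16(m + 2);
    return (*plen <= len - 4) ? m + 4 : NULL;
}

/* Hypothetical weak check: the first 16 bits are a TFTP opcode
 * (RFC 1350: RRQ=1, WRQ=2, DATA=3, ACK=4, ERROR=5). */
int tftp_heur_opcode_only(const uint8_t *p, size_t len)
{
    return len >= 4 && be16(p) >= 1 && be16(p) <= 5;
}

/* Hypothetical stricter check: also require the RFC 1350 layout for that opcode. */
int tftp_heur_structural(const uint8_t *p, size_t len)
{
    if (!tftp_heur_opcode_only(p, len)) return 0;
    switch (be16(p)) {
    case 1: case 2: {   /* filename NUL mode NUL (lower-case modes only here) */
        const uint8_t *nul = memchr(p + 2, 0, len - 2);
        if (!nul || nul == p + 2 || nul + 1 >= p + len || p[len - 1] != 0) return 0;
        const char *mode = (const char *)nul + 1;
        return !strcmp(mode, "octet") || !strcmp(mode, "netascii") || !strcmp(mode, "mail");
    }
    case 3: return len <= 4 + 512;  /* DATA: default block size, no options */
    case 4: return len == 4;        /* ACK: opcode + block number only */
    default: return len >= 5 && be16(p + 2) <= 7 && p[len - 1] == 0; /* ERROR */
    }
}
```

Even the stricter check still accepts any short payload that begins with 0x0003, because a DATA packet carries arbitrary bytes after the block number.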

