Wireshark · Wireshark-dev: Re: [Wireshark-dev] [patch] Stanag 5066 dissector type 25 s

Wireshark-dev: Re: [Wireshark-dev] [patch] Stanag 5066 dissector type 25 s_prim parser's bug

From: Taner KURTULUŞ <taner.kurtulus@xxxxxxxxxxxxxx>

Date: Tue, 12 Sep 2006 17:52:47 +0300 (EEST)

Hi,

> Confirmed.
>
> It was indeed a "copy-paste-did not edit correctly" bug.
>
> While going over the code once more, I found:
>
> 1 - One bug in the heuristic. (Changed '&&' to '||')
> 2 - One to-do that was already done. (Removed the /* TODO */)
> 3 - One to-do that is now done. ;-)
>
> Patch (including the change below) attached.
>
> Taner, if it is possible, can you add a capture with the EXPEDITED* PDUs
> to
> the Wiki? (http://wiki.wireshark.org/STANAG_5066)

Relevant changes have been done and pcap dumps were added.

> Thanks,

Thanks,

>
> Menno Andriesse
>
> -----Original Message-----
> From: Taner KURTULUª [mailto:taner.kurtulus@xxxxxxxxxxxxxx]
> Sent: dinsdag 12 september 2006 9:41
> To: wireshark-dev@xxxxxxxxxxxxx
> Cc: Menno.Andriesse@xxxxxxxxxxxxx
> Subject: [patch] Stanag 5066 dissector type 25 s_prim parser's bug
>
> Hi folks,
> We think we've found a bug in STANAG 5066 SIS layer dissector.
>
> Problem is at S_EXPEDITED_UNIDATA_INDICATION S_Prim's parser
> and occurs when we receive a U_PDU via expedited unidata channel.
> Dissector tries to parse first 2 bytes of U_PDU as a header size of  type
> 21 s_prim (S_UNIDATA_INDICATION). But, this is not an wanted  process on
> that parser. Maybe, it was forgotten unchanged from
> S_UNIDATA_INDICATION dissector while copying it. So it shows
> data (U_PDU) 2 bytes short. Moreover, if data is just 1-byte, TCP
> datagrams
> receive TCP checksum error.
>
>
> We have corrected that bug as shown below;
>
>
> diff -rNu ethereal-0.99.0/epan/dissectors/packet-s5066.c
> ethereal-0.99.0.patched/epan/dissectors/packet-s5066.c
> --- ethereal-0.99.0/epan/dissectors/packet-s5066.c	2006-09-11
> 12:29:20.000000000 +0300
> +++ ethereal-0.99.0.patched/epan/dissectors/packet-s5066.c	2006-09-11
> 12:31:04.000000000 +0300
> @@ -1129,10 +1129,9 @@
>  	proto_tree_add_item(tree, hf_s5066_25_tx_mode, tvb, offset, 1,
> FALSE);
> proto_tree_add_item(tree, hf_s5066_25_src_sapid, tvb, offset, 1, FALSE);
> offset++;
>  	offset = dissect_s5066_address(tvb, offset, tree, TRUE);
> -	proto_tree_add_item(tree, hf_s5066_25_size, tvb, offset, 2, FALSE);
> offset += 2;
>
>  	d_pdu_size = tvb_get_ntohs(tvb, offset);
> -	proto_tree_add_item(tree, hf_s5066_21_size, tvb, offset, 2, FALSE);
> offset += 2;
> +	proto_tree_add_item(tree, hf_s5066_25_size, tvb, offset, 2, FALSE);
> offset += 2;
>
>  	/* Handle RockwellCollins (<= v2.1) 4-byte offset */
>  	if ( (pdu_size - offset) == d_pdu_size + 4 ) {
>
>
>
> Best regards,
>
> Taner KURTULUS
> Voice: +903124266789 / 2085
> Fax: +903124284880
> Mail: taner.kurtulus@xxxxxxxxxxxxxx
>
> TUBITAK-UEKAE/G222 Software Development Division
> http://g222.uekae.tubitak.gov.tr/
>
>
>
>
>
>



Taner KURTULUŞ / Araştırmacı
TÜBİTAK UEKAE/G222
Celal Bayar İş Merkezi Kat: 7
Atatürk Bulvarı No: 211/20 06100
Kavaklıdere ANKARA
Tel: (+90) 312 426 6789 / Dahili: 2285
Faks: (+90) 312 428 4880

References:
- [Wireshark-dev] [patch] Stanag 5066 dissector type 25 s_prim parser's bug
  - From: Taner KURTULUŞ
- Re: [Wireshark-dev] [patch] Stanag 5066 dissector type 25 s_prim parser's bug
  - From: Menno Andriesse

Prev by Date: [Wireshark-dev] Ethereal-dev] Crash on Windows XP
Next by Date: Re: [Wireshark-dev] need urgent info on 802.11n feature development
Previous by thread: Re: [Wireshark-dev] [patch] Stanag 5066 dissector type 25 s_prim parser's bug
Next by thread: [Wireshark-dev] Win32: change the install-deps target, so it's creating new dirs instead of putting all into the root source dir?
Index(es):
- Date
- Thread