Reported by: Cristian Ionescu-Idbohrn <cii@axis.com>
Date: Mon, 31 Jul 2000 19:48:09 UTC
Severity: normal
Found in version 0.8.0-1
Fixed in version ethereal/0.8.11-1
Done: Frederic Peters <fpeters@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:Bug#68024; Package ethereal.
Full text and rfc822 format available.Cristian Ionescu-Idbohrn <cii@axis.com>:Frederic Peters <fpeters@debian.org>.
Full text and rfc822 format available.Message #5 received at bugs@bugs.debian.org (full text, mbox):
From: Cristian Ionescu-Idbohrn <cii@axis.com> To: bugs@bugs.debian.org Subject: ethereal hangs Date: Mon, 31 Jul 2000 18:44:24 +0200 (CEST)
Package: ethereal Version: 0.8.0-1 Ethereal hangs (consumes all the CPU it can get, doing nothing useful) on the SRVLOC frame number 42 in the attached trace. It is quite possible that frame 42 is wrong, but that should not get the program in an endless loop. Cheers, Cristian -- I respect faith, but doubt is what gets you an education. -- Wilson Mizner
debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:Bug#68024; Package ethereal.
Full text and rfc822 format available.Cristian Ionescu-Idbohrn <cii@axis.com>:Frederic Peters <fpeters@debian.org>.
Full text and rfc822 format available.Message #10 received at 68024@bugs.debian.org (full text, mbox):
From: Cristian Ionescu-Idbohrn <cii@axis.com> To: 68024@bugs.debian.org Subject: ethereal hangs (more) Date: Mon, 31 Jul 2000 23:59:47 +0200 (CEST)
[Message part 1 (text/plain, inline)]
The attachment was ment to follow with the initial bug submition, but it was thrown back at me. I'll make another attempt now. The original bug description (here below) refers to the attached trace. Cheers, Cristian ---------- Forwarded message ---------- Date: Sun, 30 Jul 2000 22:37:13 +0200 (CEST) From: Cristian Ionescu-Idbohrn <cii@axis.com> To: bugs@bugs.debian.org Subject: ethereal hangs Package: ethereal Version: 0.8.0-1 Ethereal hangs (consumes all the CPU it can get, doing nothing useful) on the SRVLOC frame number 42 in the attached trace. It is quite possible that frame 42 is wrong, but that should not get the program in an endless loop. Cheers, Cristian -- I respect faith, but doubt is what gets you an education. -- Wilson Mizner
[ethereal_hangs_on_frame_42.cap (application/octet-stream, ATTACHMENT)]
debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:Bug#68024; Package ethereal.
Full text and rfc822 format available.Cristian Ionescu-Idbohrn <cii@axis.com>:Frederic Peters <fpeters@debian.org>.
Full text and rfc822 format available.Message #15 received at 68024@bugs.debian.org (full text, mbox):
From: Cristian Ionescu-Idbohrn <cii@axis.com> To: 68024@bugs.debian.org Subject: ethereal hangs Date: Thu, 3 Aug 2000 22:09:16 +0200 (CEST)
I did test: Package: ethereal Version: 0.8.10-1 too (woody). Same behaviour. Seems the bug not distribution dependent. Cheers, Cristian -- I respect faith, but doubt is what gets you an education. -- Wilson Mizner
debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:Bug#68024; Package ethereal.
Full text and rfc822 format available.Cristian Ionescu-Idbohrn <cii@axis.com>:Frederic Peters <fpeters@debian.org>.
Full text and rfc822 format available.Message #20 received at 68024@bugs.debian.org (full text, mbox):
From: Cristian Ionescu-Idbohrn <cii@axis.com> To: 68024@bugs.debian.org Subject: Re: [ethereal-users] ethereal hangs (bug #68024 reported to Debians bug list) (fwd) Date: Fri, 4 Aug 2000 14:00:24 +0200 (CEST)
[Message part 1 (text/plain, INLINE)]
Bug fix comming up :-)
/Cristian
---------- Forwarded message ----------
Date: Fri, 4 Aug 2000 00:37:10 -0700
From: Guy Harris <gharris@flashcom.net>
To: Guy Harris <gharris@flashcom.net>
Cc: Cristian Ionescu-Idbohrn <cii@axis.com>, Guy Harris <guy@netapp.com>,
ethereal-users@zing.org, ethereal-dev@zing.org
Subject: Re: [ethereal-users] ethereal hangs (bug #68024 reported to
Debians bug list)
On Thu, Aug 03, 2000 at 09:23:26PM -0700, Guy Harris wrote:
> There are some problems in the SRVLOC dissector. I shall work on a fix
> for them, and send a patch out.
This fixes the hang, and clears up a number of problems with the SRVLOC
dissector; I'll be checking it in.
[patch (text/plain, ATTACHMENT)]
Index: packet-srvloc.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/packet-srvloc.c,v
retrieving revision 1.9
diff -c -r1.9 packet-srvloc.c
*** packet-srvloc.c 2000/05/31 05:07:48 1.9
--- packet-srvloc.c 2000/08/04 07:35:48
***************
*** 147,153 ****
{ AUTH_FAILED, "Authentication failed" },
};
! void
dissect_authblk(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
struct tm *stamp;
--- 147,153 ----
{ AUTH_FAILED, "Authentication failed" },
};
! static int
dissect_authblk(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
struct tm *stamp;
***************
*** 172,177 ****
--- 172,178 ----
proto_tree_add_text(tree, NullTVB, offset, length, "Authentication block: %s",
format_text(&pd[offset], length));
offset += length;
+ return offset;
};
/* Packet dissection routine called by tcp & udp when port 427 detected */
***************
*** 182,189 ****
proto_item *ti, *tf;
proto_tree *srvloc_tree, *srvloc_flags;
struct srvloc_hdr srvloc_hdr;
! int count;
! int length;
if (check_col(fd, COL_PROTOCOL))
col_add_str(fd, COL_PROTOCOL, "SRVLOC");
--- 183,190 ----
proto_item *ti, *tf;
proto_tree *srvloc_tree, *srvloc_flags;
struct srvloc_hdr srvloc_hdr;
! guint32 count;
! guint32 length;
if (check_col(fd, COL_PROTOCOL))
col_add_str(fd, COL_PROTOCOL, "SRVLOC");
***************
*** 223,387 ****
switch (srvloc_hdr.function) {
case SRVREQ:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Request");
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length));
offset += length;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Predicate length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Predicate: %s", format_text(&pd[offset], length));
offset += length;
break;
case SRVRPLY:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Reply");
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);;
! offset += 2;
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL Count: %d", pntohs(&pd[offset]));
! offset += 2;
! for (count = pntohs(&pd[offset]) + 1; count > 0; count--, offset++) {
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL lifetime: %d", pntohs(&pd[offset]));
offset += 2;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U )
! dissect_authblk(pd, offset, fd, srvloc_tree);
};
break;
case SRVREG:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Registration");
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL lifetime: %d", pntohs(&pd[offset]));
offset += 2;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U )
! dissect_authblk(pd, offset, fd, srvloc_tree);
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A )
! dissect_authblk(pd, offset, fd, srvloc_tree);
break;
case SRVDEREG:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Deregister");
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U )
! dissect_authblk(pd, offset, fd, srvloc_tree);
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A )
! dissect_authblk(pd, offset, fd, srvloc_tree);
break;
case SRVACK:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Acknowledge");
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);;
offset += 2;
break;
case ATTRRQST:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Attribute Request");
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length));
offset += length;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length));
offset += length;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
offset += length;
break;
case ATTRRPLY:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Attribute Reply");
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);;
offset += 2;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A )
! dissect_authblk(pd, offset, fd, srvloc_tree);
break;
case DAADVERT:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "DA Advertisement");
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);;
offset += 2;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length));
offset += length;
break;
case SRVTYPERQST:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Type Request");
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length));
offset += length;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Naming Authority List length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Naming Authority List: %s", format_text(&pd[offset], length));
offset += length;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length));
offset += length;
break;
case SRVTYPERPLY:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Type Reply");
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);;
! offset += 2;
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Service Type Count: %d", pntohs(&pd[offset]));
! offset += 2;
! for (count = pntohs(&pd[offset]) + 1; count > 0; count--, offset++) {
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Service Type List length: %d", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service Type List: %s", format_text(&pd[offset], length));
offset += length;
};
break;
--- 224,482 ----
switch (srvloc_hdr.function) {
case SRVREQ:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Request");
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length));
offset += length;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Predicate length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Predicate: %s", format_text(&pd[offset], length));
offset += length;
break;
case SRVRPLY:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Reply");
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);
! offset += 2;
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
! count = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL Count: %u", count);
! offset += 2;
! while (count > 0) {
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL lifetime: %d", pntohs(&pd[offset]));
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U )
! offset = dissect_authblk(pd, offset, fd, srvloc_tree);
! count--;
};
break;
case SRVREG:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Registration");
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL lifetime: %d", pntohs(&pd[offset]));
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U )
! offset = dissect_authblk(pd, offset, fd, srvloc_tree);
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A )
! offset = dissect_authblk(pd, offset, fd, srvloc_tree);
break;
case SRVDEREG:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Deregister");
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length);
offset += 2;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
offset += length;
if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U )
! offset = dissect_authblk(pd, offset, fd, srvloc_tree);
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A )
! offset = dissect_authblk(pd, offset, fd, srvloc_tree);
break;
case SRVACK:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Acknowledge");
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);
offset += 2;
break;
case ATTRRQST:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Attribute Request");
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length));
offset += length;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length));
offset += length;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
offset += length;
break;
case ATTRRPLY:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Attribute Reply");
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length));
offset += length;
if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A )
! offset = dissect_authblk(pd, offset, fd, srvloc_tree);
break;
case DAADVERT:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "DA Advertisement");
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length));
offset += length;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length));
offset += length;
break;
case SRVTYPERQST:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Type Request");
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length));
offset += length;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Naming Authority List length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Naming Authority List: %s", format_text(&pd[offset], length));
offset += length;
+ if (!BYTES_ARE_IN_FRAME(offset, 2))
+ break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length));
offset += length;
break;
case SRVTYPERPLY:
proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Type Reply");
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);
! offset += 2;
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
! count = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Service Type Count: %u", count);
! offset += 2;
! while (count > 0) {
! if (!BYTES_ARE_IN_FRAME(offset, 2))
! break;
length = pntohs(&pd[offset]);
! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Service Type List length: %u", length);
offset += 2;
+ if (!BYTES_ARE_IN_FRAME(offset, length))
+ break;
proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service Type List: %s", format_text(&pd[offset], length));
offset += length;
+ count--;
};
break;
debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:Bug#68024; Package ethereal.
Full text and rfc822 format available.Cristian Ionescu-Idbohrn <cii@axis.com>:Frederic Peters <fpeters@debian.org>.
Full text and rfc822 format available.Message #25 received at 68024@bugs.debian.org (full text, mbox):
From: Cristian Ionescu-Idbohrn <cii@axis.com>
To: Guy Harris <gharris@flashcom.net>
Cc: 68024@bugs.debian.org, ethereal-users@zing.org, ethereal-dev@zing.org,
Peter Kjellerstedt <pkj@axis.com>
Subject: Re: [ethereal-users] ethereal hangs (bug #68024 reported to Debians
bug list)
Date: Sat, 5 Aug 2000 00:53:02 +0200 (CEST)
Looks great Guy and Peter (I added Peter's patch too). Tested. Works fine. Thanks a lot guys :-) Cristian On Fri, 4 Aug 2000, Guy Harris wrote: > On Thu, Aug 03, 2000 at 09:23:26PM -0700, Guy Harris wrote: > > There are some problems in the SRVLOC dissector. I shall work on a fix > > for them, and send a patch out. > > This fixes the hang, and clears up a number of problems with the SRVLOC > dissector; I'll be checking it in. > -- I respect faith, but doubt is what gets you an education. -- Wilson Mizner
debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:Bug#68024; Package ethereal.
Full text and rfc822 format available.Frederic Peters <fpeters@swing.be>:Frederic Peters <fpeters@debian.org>.
Full text and rfc822 format available.Message #30 received at 68024@bugs.debian.org (full text, mbox):
From: Frederic Peters <fpeters@swing.be> To: Cristian Ionescu-Idbohrn <cii@axis.com>, 68024@bugs.debian.org Subject: Re: Bug#68024: [ethereal-users] ethereal hangs (bug #68024 reported to Debians bug list) Date: Tue, 08 Aug 2000 20:03:31 +0200
> Looks great Guy and Peter (I added Peter's patch too). > Tested. Works fine. I was away for the last 10 days but I'm back now and will upload a patched version of 0.8.10 this week. Regards, Frederic -- Frederic Peters <fpeters@swing.be> « Le travail a été ce que l'homme Debian GNU/Linux : http://www.debian.org a trouvé de mieux pour ne rien Gaby : http://gaby.netpedia.net faire de sa vie. » R. Vaneigem
Frederic Peters <fpeters@debian.org>:Cristian Ionescu-Idbohrn <cii@axis.com>:Message #35 received at 68024-close@bugs.debian.org (full text, mbox):
From: Frederic Peters <fpeters@debian.org> To: 68024-close@bugs.debian.org Subject: Bug#68024: fixed in ethereal 0.8.11-1 Date: Sat, 12 Aug 2000 14:52:46 -0400
We believe that the bug you reported is fixed in the latest version of ethereal, which has been installed in the Debian FTP archive: ethereal_0.8.11.orig.tar.gz to dists/woody/main/source/net/ethereal_0.8.11.orig.tar.gz replacing ethereal_0.8.10.orig.tar.gz ethereal_0.8.11-1.diff.gz to dists/woody/main/source/net/ethereal_0.8.11-1.diff.gz replacing ethereal_0.8.10-1.diff.gz ethereal_0.8.11-1.dsc to dists/woody/main/source/net/ethereal_0.8.11-1.dsc replacing ethereal_0.8.10-1.dsc ethereal_0.8.11-1_i386.deb to dists/woody/main/binary-i386/net/ethereal_0.8.11-1.deb replacing ethereal_0.8.10-1.deb Note that this package is not part of the released stable Debian distribution. It may have dependencies on other unreleased software, or other instabilities. Please take care if you wish to install it. The update will eventually make its way into the next released Debian distribution. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 68024@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frederic Peters <fpeters@debian.org> (supplier of updated ethereal package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.6 Date: Thu, 10 Aug 2000 21:06:52 +0200 Source: ethereal Binary: ethereal Architecture: source i386 Version: 0.8.11-1 Distribution: unstable Urgency: low Maintainer: Frederic Peters <fpeters@debian.org> Description: ethereal - Network traffic analyzer Closes: 68024 Changes: ethereal (0.8.11-1) unstable; urgency=low . * New upstream release. * Applied patch to fix hang on some SRVLOC frames (closes: #68024) Files: 40a3fc664b3c10ef38b63a6a3fb49ec0 652 net optional ethereal_0.8.11-1.dsc 41bd942be38da26faeb1dbf512705583 1302155 net optional ethereal_0.8.11.orig.tar.gz 3407aa466780648b403d9ea714ceea22 2141 net optional ethereal_0.8.11-1.diff.gz cc4b6af94469d96bf758f4570979e65f 1103924 net optional ethereal_0.8.11-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5kv/soR3LsWeD7V4RAgMxAJ96gYovY+oBz2I5rCF5Cr9pq3/iNwCghAwp LKYPwwiHVSETMq7ih8VnPUM= =Q0lp -----END PGP SIGNATURE-----
debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:Bug#68024; Package ethereal.
Full text and rfc822 format available.Cristian Ionescu-Idbohrn <cii@axis.com>:Frederic Peters <fpeters@debian.org>.
Full text and rfc822 format available.Message #40 received at 68024@bugs.debian.org (full text, mbox):
From: Cristian Ionescu-Idbohrn <cii@axis.com> To: 68024@bugs.debian.org Subject: Sorry _if_ I disappoint you, but ... Date: Sat, 12 Aug 2000 22:40:58 +0200 (CEST)
... the official: ethereal-0.8.11.tar.gz . . . . . Aug 3 02:59 1272k exposed on ftp://ethereal.zing.org/pub/ethereal/ does not correct the bug. That version needs 2 other patches, and that will eliminate the bug. The new deb (0.8.11) is not available at this hour, not even on ftp.debian.org, so I can't verify it. Unless that package is made of an unofficial 0.8.11, chances are the bug is still there. Did anyone verify agaist the trace I attached to one of the bug report additions? Cheers, Cristian -- I respect faith, but doubt is what gets you an education. -- Wilson Mizner
debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:Bug#68024; Package ethereal.
Full text and rfc822 format available.Frederic Peters <fpeters@swing.be>:Frederic Peters <fpeters@debian.org>.
Full text and rfc822 format available.Message #45 received at 68024@bugs.debian.org (full text, mbox):
From: Frederic Peters <fpeters@swing.be> To: Cristian Ionescu-Idbohrn <cii@axis.com>, 68024@bugs.debian.org Subject: Re: Bug#68024: Sorry _if_ I disappoint you, but ... Date: Sun, 13 Aug 2000 01:10:59 +0200
Hello. > ... the official: > > ethereal-0.8.11.tar.gz . . . . . Aug 3 02:59 1272k > > exposed on ftp://ethereal.zing.org/pub/ethereal/ > > does not correct the bug. That version needs 2 other patches, and that > will eliminate the bug. > > The new deb (0.8.11) is not available at this hour, not even on > ftp.debian.org, so I can't verify it. > > Unless that package is made of an unofficial 0.8.11, chances are the bug > is still there. Did anyone verify agaist the trace I attached to one of > the bug report additions? This is 0.8.11 + patch from your mail dated Fri, 4 Aug 2000 14:00:24 +0200 (CEST) If that is not enough could you point me to the right patches ? Regards, Frederic -- Frederic Peters <fpeters@swing.be> « Le travail a été ce que l'homme Debian GNU/Linux : http://www.debian.org a trouvé de mieux pour ne rien Gaby : http://gaby.netpedia.net faire de sa vie. » R. Vaneigem
Send a report that this bug log contains spam.
Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.