Wireshark mailing list archives
Re: [SPAM - Invalid Headers] - Re: DNP3 dissector bug in multi-fragmented messages - Email found in subject
From: Maksym Galemin <Maksym.Galemin () hydrix com>
Date: Thu, 17 Jul 2014 23:56:35 +0000
Hi guys,

Yes, I can reproduce this issue in the latest dev build (1.12.0-rc2). I’ve also reported a new bug in Bugzilla:

Bug 10289 - DNP3 dissector bug in multi-fragmented messages with TCP retransmissions
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10289

Thanks,

Maksym Galemin | Software Engineer
Hydrix Pty Ltd
“Our Expertise – Your Competitive Advantage”
maksym.galemin () hydrix com | direct +61 3 8573 5231 | mob +61 435 844 500
www.hydrix.com | fax +61 3 8573 5289 | phone +61 3 8573 5299

From: Graham Bloice [mailto:graham.bloice () trihedral com]
Sent: Thursday, 17 July 2014 11:14 PM
To: Developer support list for Wireshark
Cc: Maksym Galemin
Subject: [SPAM - Invalid Headers] - Re: [Wireshark-dev] DNP3 dissector bug in multi-fragmented messages - Email found in subject

Happens in a "fairly" recent dev build.

For more info on reporting bugs, see http://wiki.wireshark.org/ReportingBugs

On 17 July 2014 13:26, Evan Huus <eapache () gmail com> wrote:

Hi Maksym, please file bugs in our bug tracker: https://bugs.wireshark.org/bugzilla/

It would also be helpful if you could check if the bug is still present in more recent versions (such as the 1.12 release candidate).

Evan

On Jul 17, 2014, at 3:54, Maksym Galemin <Maksym.Galemin () hydrix com> wrote:

Hi all,

I’d like to report a bug in DNP3 dissector for reassembled multi-fragment DNP3 packets (DNP3 over TCP). In case of TCP retransmissions the DNP3 dissector reassembles invalid DNP3 application layer message by copying the retransmitted TCP data straight into the final DNP3 packet without checking if it’s a retransmission or not. As a result the dissector parses DNP3 application layer payload incorrectly.

Please find a capture file in the attachment: here in packet #18 DNP3 transport layer frame 6 (packet #6) is a retransmission of the frame 1 data (packet #1).

Thanks.

----------------------------------------------------------------------
Version 1.10.7 (v1.10.7-0-g6b931a1 from master-1.10)
…
Compiled (32-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities, without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Apr 22 2014), with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, with 2047MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219
----------------------------------------------------------------------

Cheers,

Maksym Galemin | Software Engineer
Hydrix Pty Ltd
“Our Expertise – Your Competitive Advantage”
maksym.galemin () hydrix com | direct +61 3 8573 5231 | mob +61 435 844 500
www.hydrix.com | fax +61 3 8573 5289 | phone +61 3 8573 5299

<DNP3_dissector_issue.zip>

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

--
Graham Bloice
Software Developer
Trihedral UK Limited
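The failure described in the original report, shown as an added example that is not part of the thread and is neither Wireshark's dissector code nor its fix. It is a simplified model of DNP3 transport-function reassembly (header octet: FIN 0x80, FIR 0x40, 6-bit sequence); the names `naive_reassemble`, `Reassembler`, `reassemble` and `sample_segments` are hypothetical, the segments are constructed rather than taken from the attached capture, and detecting the repeat by transport sequence number is an assumption of this model.

```python
"""Simplified model of DNP3 transport-function reassembly (not Wireshark code)."""

FIN, FIR, SEQ_MASK = 0x80, 0x40, 0x3F  # transport header: FIN | FIR | 6-bit sequence


def naive_reassemble(segments):
    """Append every segment payload in arrival order, duplicates included."""
    return b"".join(seg[1:] for seg in segments)


class Reassembler:
    """Rebuilds one application fragment, skipping segments already accepted."""

    def __init__(self):
        self.buf = bytearray()
        self.seen = set()      # sequence numbers accepted since the FIR segment
        self.active = False
        self.skipped = []      # sequence numbers dropped as duplicates or strays

    def feed(self, seg):
        """Return the completed fragment as bytes on FIN, otherwise None."""
        if not seg:
            return None
        hdr, payload = seg[0], seg[1:]
        seq = hdr & SEQ_MASK
        if self.active and seq in self.seen:
            self.skipped.append(seq)        # retransmitted data: do not copy it again
            return None
        if hdr & FIR:
            self.buf, self.seen, self.active = bytearray(), set(), True
        elif not self.active:
            self.skipped.append(seq)        # no FIR seen yet: nothing to extend
            return None
        self.seen.add(seq)
        self.buf += payload
        if hdr & FIN:
            self.active = False
            return bytes(self.buf)
        return None


def reassemble(segments):
    r = Reassembler()
    done = [out for out in map(r.feed, segments) if out is not None]
    return done, r.skipped


def sample_segments():
    """Constructed input: six segments, the first arriving again before the last."""
    parts = [b"AAAA", b"BBBB", b"CCCC", b"DDDD", b"EEEE", b"FFFF"]
    segs = [bytes([(FIR if i == 0 else 0) | (FIN if i == 5 else 0) | i]) + p
            for i, p in enumerate(parts)]
    return segs[:5] + [segs[0]] + segs[5:]
```

The naive path yields a fragment with the first segment's payload embedded a second time, which is why the application-layer objects after that point parse incorrectly.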
Current thread:
- DNP3 dissector bug in multi-fragmented messages Maksym Galemin (Jul 17)
- Re: DNP3 dissector bug in multi-fragmented messages Evan Huus (Jul 17)
- Re: DNP3 dissector bug in multi-fragmented messages Graham Bloice (Jul 17)
- Re: [SPAM - Invalid Headers] - Re: DNP3 dissector bug in multi-fragmented messages - Email found in subject Maksym Galemin (Jul 18)
- Re: DNP3 dissector bug in multi-fragmented messages Graham Bloice (Jul 17)
- Re: DNP3 dissector bug in multi-fragmented messages Evan Huus (Jul 17)