http://blog.gmane.org/gmane.network.wireshark.bugs hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.network.wireshark.bugs/11130 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2944 Summary: LLC GPRS - "Unnumbered Information" should be "Unconfirmed Information" Product: Wireshark Version: 1.0.3 Platform: PC OS/Version: Windows 2000 Status: NEW Severity: Minor Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: khaithye< at >yahoo.com.sg Created an attachment (id=2322) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2322) Example of a GPRS LLC UI frame Build Information: Shark 1.0.3 (SVN Rev 26134) Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos. Running on Windows 2000 Service Pack 4, build 2195, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5. Built using Microsoft Visual C++ 6.0 build 8804 -- In the decoding of GPRS LLC layer, the UI format is erroneously decoded as "Unnumbered Information", but according to ETSI 04.64, it should be "Unconfirmed Information". The term "unnumbered" is misleading, because there is an N(U) in this layer for UI format (so, it's actually numbered). Following is an example: MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management FCS: 0x21c14e (correct) Address field SAPI: LLGMM 0... .... = Protocol Discriminator_bit: OK .0.. .... = Command/Response bit: DownLink/UpLink = Response/Command .... 0001 = SAPI: GPRS Mobility Management (1) Unnumbered Information format - UI, N(U) = 0 110. .... .... .... = UI format: 0x0006 ...0 0... .... .... = Spare bits: 0x0000 .... .000 0000 00.. = N(U): 0 .... .... .... ..0. = E bit: non encrypted frame .... .... .... ...1 = PM bit: FCS covers the frame header and information fields bugzilla-daemon< at >wireshark.org 2008-10-07T06:36:40 http://comments.gmane.org/gmane.network.wireshark.bugs/11116 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2943 Summary: decoding of ESP payload issue Product: Wireshark Version: 1.1.x (Experimental) Platform: PC OS/Version: Windows 2000 Status: NEW Severity: Major Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: vincent.helfre< at >gmx.net Created an attachment (id=2320) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2320) sample_esp_dec.pcap Build Information: Version 1.1.2-SVN-26356 (SVN Rev 26356) Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.14.3, with GLib 2.18.1, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with c-ares 1.5.3, without ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos, with PortAudio V19-devel (built Oct 5 2008), with AirPcap. Running on Windows 2000 Service Pack 4, build 2195, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap. Built using Microsoft Visual C++ 9.0 build 30729 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- There is a regression in recent wireshark release. Decoding ESP payload works on version 0.99.8. In 1.1.2, it does not work any more. I am attaching sample_esp_dec.pcap which should be possible to decode with these keys: In Edit->Preference->Protocoles->ESP: Attempt to detect/decode encrypted ESP payload: box checked SA#1: IPv4|192.168.204.4|192.168.0.101|* Encryption algorithm #1: AES-CBC[RFC3602] Authentication algorithm #1: HMAC-SHA1-96[RFC2404] Encryption Key #1: 0x2062279616a7abbc7b2b3d9b33f3f9e9 Authentication Key #1: 0x152d80ff9f3fd5d2775bd644bfd59880f0d9bd2a SA#2: IPv4|192.168.0.101|192.168.204.4|* Encryption algorithm #2: AES-CBC[RFC3602] Authentication algorithm #2: HMAC-SHA1-96[RFC2404] Encryption Key #2: 0x9adebb20e176c4ff494be15ca3ab1d5d Authentication Key #2: 0xfb3d5efbfbb5d5373118f43f33733081de9cf4ef bugzilla-daemon< at >wireshark.org 2008-10-06T13:23:53 http://comments.gmane.org/gmane.network.wireshark.bugs/11115 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2942 Summary: build failure in packet-bgp.c: variable ‘next_tvb’ might be clobbered by ‘longjmp’ or ‘vfork’ Product: Wireshark Version: 1.1.x (Experimental) Platform: PC URL: https://bugs.gentoo.org/show_bug.cgi?id=239941 OS/Version: All Status: NEW Severity: Normal Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: pva< at >gentoo.org Build Information: this is build problem -- During build with -ftracer enabled in CFLAGS our user get's the following error: then mv -f ".deps/libdissectors_la-packet-bootp.Tpo" ".deps/libdissectors_la-packet-bootp.Plo"; else rm -f ".deps/libdissectors_la-packet-bootp.Tpo"; exit 1; fi libtool: compile: x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I./../.. -I./.. -I/usr/include -I/usr/local/include -DPLUGIN_DIR=\"/usr/lib64/wireshark/plugins/1.1.0\" -Werror -DINET6 "-D_U_=__attribute__((unused))" -march=k8 -O2 -pipe -ftree-vectorize -ftracer -Wall -W -Wdeclaration-after-statement -Wendif-labels -Wpointer-arith -Wno-pointer-sign -Warray-bounds -Wcast-align -I/usr/include -I/usr/local/include -pthread -I/usr/include/gtk-2.0 -I/usr/lib64/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -MT libdissectors_la-packet-bootp.lo -MD -MP -MF .deps/libdissectors_la-packet-bootp.Tpo -c packet-bootp.c -fPIC -DPIC -o .libs/libdissectors_la-packet-bootp.o cc1: warnings being treated as errors packet-bgp.c: In function ‘dissect_bgp’: packet-bgp.c:2743: erreur: variable ‘next_tvb’ might be clobbered by ‘longjmp’ or ‘vfork’ make[4]: *** [libdissectors_la-packet-bgp.lo] Erreur 1 make[4]: *** Attente des tâches non terminées.... make[4]: quittant le répertoire « /var/tmp/portage/net-analyzer/wireshark-1.1.0/work/wireshark-1.1.0/epan/dissectors » make[3]: *** [all] Erreur 2 make[3]: quittant le répertoire « /var/tmp/portage/net-analyzer/wireshark-1.1.0/work/wireshark-1.1.0/epan/dissectors Complete build log and some additional system info you can find in URL. bugzilla-daemon< at >wireshark.org 2008-10-06T07:13:53 http://comments.gmane.org/gmane.network.wireshark.bugs/11112 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2941 Summary: Req/resp tracking and service response time stats for GTP-C Product: Wireshark Version: SVN Platform: PC OS/Version: Fedora Status: NEW Severity: Enhancement Priority: Medium Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: kari.tiirikainen< at >nsn.com Kari Tiirikainen <kari.tiirikainen< at >nsn.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2318| |review_for_checkin? Flag| | Created an attachment (id=2318) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2318) SVN diff for changes made to enable req/resp tracking and srt for GTPC Build Information: [root< at >sgsnsim2 wireshark]# ./tshark -v TShark 1.1.2 (SVN Rev 26344) Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GLib 2.16.6, with libpcap 0.9.8, with libz 1.2.3, with POSIX capabilities (Linux), without libpcre, without SMI, without c-ares, without ADNS, without Lua, with GnuTLS 2.0.4, with Gcrypt 1.4.0, with MIT Kerberos. NOTE: this build doesn't support the "matches" operator for Wireshark filter syntax. Running on Linux 2.6.26.3-29.fc9.i686, with libpcap version 0.9.8. Built using gcc 4.3.0 20080428 (Red Hat 4.3.0-8). -- This enhancements adds Request-Response tracking for GTP-C Echo, Create PDP, Update PDP and Delete PDP messages. It also adds service response time statistics for the mentioned GTP-C messages. The code is largely based on similar feature found LDAP dissector (epan/dissectors/packet-ldap.c)and LDAP service response time statistics (gtk/ldap_stat.c). bugzilla-daemon< at >wireshark.org 2008-10-06T04:57:32 http://comments.gmane.org/gmane.network.wireshark.bugs/11110 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2940 Summary: Incorrect manifest embedded when compiling Wireshark with MSVC2008 SP1 Product: Wireshark Version: 1.1.x (Experimental) Platform: PC OS/Version: Windows Vista Status: NEW Severity: Blocker Priority: High Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: pascal.quantin< at >gmail.com Build Information: Build Information: Version 1.1.2 Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.14.3, with GLib 2.18.1, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with c-ares 1.5.3, without ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos, with PortAudio V19-devel (built Oct 2 2008), with AirPcap. Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap. Built using Microsoft Visual C++ 9.0 build 30729 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- According to http://msdn.microsoft.com/en-us/library/cc664727.aspx, starting with MSVC2008 SP1, "when you compile an application, it is bound to the original release version of libraries available. This is true even if you have a later release installed on your computer. For example, if you have Visual C++ 2008 SP1 installed on your computer, any applications that you compile on this computer will still depend on the original release version of Visual C++ 2008." As Wireshark packages the CRT libraries in its installer, this leads to a manifest error when executing the program. To fix this, you must add _BIND_TO_CURRENT_VCLIBS_VERSION = 1 at the preprocessor level. bugzilla-daemon< at >wireshark.org 2008-10-05T19:57:51 http://comments.gmane.org/gmane.network.wireshark.bugs/11099 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2939 Summary: Satusbar cannot be seen Product: Wireshark Version: 1.0.3 Platform: PC OS/Version: Windows XP Status: NEW Severity: Normal Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: jconfenti< at >yahoo.com Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- The statusbar is missing i.e. cannot be seen. Even when clicking "View" and then "Statusbar" it is still not there. bugzilla-daemon< at >wireshark.org 2008-10-05T04:37:51 http://comments.gmane.org/gmane.network.wireshark.bugs/11089 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2938 Summary: Addition of live 802.15.4 Capture Support Product: Wireshark Version: SVN Platform: PC OS/Version: Windows XP Status: NEW Severity: Enhancement Priority: Medium Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: coflynn< at >newae.com Colin O'Flynn <coflynn< at >newae.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2310| |review_for_checkin? Flag| | Created an attachment (id=2310) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2310) Patch against packet-ieee802154.c Build Information: Version 1.0.3-jackdaw (SVN Rev 26134) Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos, with PortAudio V19-devel, with AirPcap. Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap. Built using Microsoft Visual C++ 8.0 build 50727 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- This is a pretty small and simple patch! The idea is that there is now some hardware that can put 802.15.4 frames over ethernet. To do so, the 802.15.4 frames are wrapped in an Ethernet frame, with the Ethtype set to a value indicating the payload is 802.15.4. Since there is no official ETHTYPE designated for the IEEE, the number 0x809A is used in this code. However a preference is added to the "IEEE 802.15.4" type in the preference dialog allowing you to change this ethtype to something else. Fuzz testing passed, though I wouldn't expect it to break anything anyway... The hardware for those interested is the Atmel Raven USB Stick. bugzilla-daemon< at >wireshark.org 2008-10-04T16:01:25 http://comments.gmane.org/gmane.network.wireshark.bugs/11085 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2937 Summary: Incorrect decoding of 3GPP 44.018 Cell Channel Description / Frequency List IEs Product: Wireshark Version: SVN Platform: PC OS/Version: Windows XP Status: NEW Severity: Normal Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: pascal.quantin< at >gmail.com Pascal Quantin <pascal.quantin< at >gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2309| |review_for_checkin? Flag| | Created an attachment (id=2309) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2309) patch fixing frequency list decoding Build Information: Version 1.1.2 Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.14.3, with GLib 2.18.1, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with c-ares 1.5.3, without ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos, with PortAudio V19-devel (built Oct 2 2008), with AirPcap. Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap. Built using Microsoft Visual C++ 9.0 build 30729 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- The attached patch fix several bugs in the decoding function to display the Cell Channel Description (44.018 chapter 10.5.2.1b) and the Frequency List (44.018 chapter 10.5.2.13) information elements content. Without this patch the ARFCNs displayed are completely wrong. bugzilla-daemon< at >wireshark.org 2008-10-03T21:59:20 http://comments.gmane.org/gmane.network.wireshark.bugs/11076 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2936 Summary: Integer to pointer conversion compilation warnings in packet-p_mul.c Product: Wireshark Version: SVN Platform: PC OS/Version: Ubuntu Status: NEW Severity: Minor Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: mattias.nissler< at >gmx.de Created an attachment (id=2307) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2307) Patch to fix the problem by using the GUINT_TO_POINTER macro Build Information: wireshark 1.1.2 (SVN Rev 26345) Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.12.9, with GLib 2.16.6, with libpcap 0.9.8, with libz 1.2.3.3, without POSIX capabilities, with libpcre 7.4, without SMI, without c-ares, without ADNS, without Lua, with GnuTLS 2.0.4, with Gcrypt 1.2.4, with MIT Kerberos, without PortAudio, without AirPcap. Running on Linux 2.6.27-rc6-wl-mattias_rt2x00-testing, with libpcap version 0.9.8. Built using gcc 4.2.4 (Ubuntu 4.2.4-1ubuntu1). -- Some (gpointer) casts in packet-p_mul.c fail (possibly only in 64 bit environments) and cause compiler warnings which in turn stop compilation due to -Werror being used. bugzilla-daemon< at >wireshark.org 2008-10-03T15:57:22 http://comments.gmane.org/gmane.network.wireshark.bugs/11073 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2935 Summary: New simulcrypt protocol dissector Product: Wireshark Version: SVN Platform: PC OS/Version: Windows XP Status: NEW Severity: Enhancement Priority: Medium Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: david.castleford< at >orange-ftgroup.com David Castleford <david.castleford< at >orange-ftgroup.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2304| |review_for_checkin? Flag| | Created an attachment (id=2304) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2304) Epan diff file patch for simulcrypt dissector Build Information: Version 1.1.2 (SVN Rev unknown) Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.14.3, with GLib 2.18.1, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with c-ares 1.5.3, without ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos, with PortAudio V19-devel (built Oct 3 2008), with AirPcap. Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap. Built using Microsoft Visual C++ 8.0 build 50727 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- Dissector for Simulcrypt protocol over TCP for SCS - ECMG interface as per ETSI TS 103.197 v 1.5.1 bugzilla-daemon< at >wireshark.org 2008-10-03T15:34:33 http://comments.gmane.org/gmane.network.wireshark.bugs/11071 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2934 Summary: Assertion thrown in get_field_hex_value/write_pdml_field_hex_value Product: Wireshark Version: 1.0.3 Platform: Macintosh OS/Version: Mac OS X 10.4 Status: NEW Severity: Normal Priority: Low Component: TShark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: dhelder< at >musecurity.com Build Information: TShark 1.0.3 Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GLib 2.14.4, with libpcap 0.9.5, with libz 1.2.3, without POSIX capabilities, without libpcre, without SMI, without ADNS, without Lua, without GnuTLS, with Gcrypt 1.2.4, with MIT Kerberos. NOTE: this build doesn't support the "matches" operator for Wireshark filter syntax. Running on Darwin 8.11.1 (MacOS 10.4.11), with libpcap version 0.9.5. Built using gcc 4.0.1 (Apple Computer, Inc. build 5367). -- In get_field_hex_value/write_pdml_field_hex_value, if fi->ds_tvb is NULL, tvb_length_remaining() will raise an assertion when called with the NULL TVB. One solution is to check if fi->ds_tvb is NULL before calling. Another is to update dissectors so ds_tvb is never NULL. I found this bug using an XDMCP PCAP. The NULL ds_tvb is created in packet-xdmcp.c, line 331. There may be similar issues in packet-kerberos.c and packet-spnego.c. bugzilla-daemon< at >wireshark.org 2008-10-02T20:12:42 http://comments.gmane.org/gmane.network.wireshark.bugs/11069 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2933 Summary: B.A.T.M.A.N. dissector consists of many source files Product: Wireshark Version: SVN Platform: Other OS/Version: All Status: NEW Severity: Normal Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: sven.eckelmann< at >gmx.de Sven Eckelmann <sven.eckelmann< at >gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2300| |review_for_checkin? Flag| | Created an attachment (id=2300) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2300) Merge B.A.T.M.A.N. dissector in one file Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- Single source dissectors seems to be prefered by wireshark developers as you can see in bug 2631. The B.A.T.M.A.N. dissector in wireshark follows the multi file approach. Everything should be merged into epan/dissectors/packet-bat.c and following files should be deleted: epan/dissectors/packet-bat-gw.c epan/dissectors/packet-bat-packet.h epan/dissectors/packet-bat-vis.c epan/dissectors/packet-bat-batman.c bugzilla-daemon< at >wireshark.org 2008-10-02T17:31:30 http://comments.gmane.org/gmane.network.wireshark.bugs/11068 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2932 Summary: "Expert Info Composite" lists same packet multiple times Product: Wireshark Version: SVN Platform: PC OS/Version: All Status: NEW Severity: Normal Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: toralf.foerster< at >gmx.de Created an attachment (id=2299) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2299) ssl stream Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- but should listen a packet only once isn't it ? To reproduce that behaviour pls open the attached stream and click at "Warnings: 1". bugzilla-daemon< at >wireshark.org 2008-10-02T16:52:30 http://comments.gmane.org/gmane.network.wireshark.bugs/11062 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2931 Summary: remember last choice of "Decode as ..." Product: Wireshark Version: SVN Platform: PC OS/Version: All Status: NEW Severity: Enhancement Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: toralf.foerster< at >gmx.de Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- would be a nice to have, isn't it ? bugzilla-daemon< at >wireshark.org 2008-10-02T15:41:02 http://comments.gmane.org/gmane.network.wireshark.bugs/11059 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2930 Summary: GIF picture within HTTP stream dissected as malformed PNG image Product: Wireshark Version: SVN Platform: PC OS/Version: All Status: NEW Severity: Major Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: toralf.foerster< at >gmx.de Created an attachment (id=2296) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2296) http stream Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- Attached is a sniffed stream where packet 88 and 92 resepctively contains an image which is dissected as PNG b/c the HTTP headers indicates this. However the "PNG Signature" is "Gif89a" and the packet is marked as malformed. Even if there's an error from the web site - should the dissector try to heuristic detect a GIF image in such cases instead to mark such packets as "malformed" ? bugzilla-daemon< at >wireshark.org 2008-10-02T15:30:55 http://comments.gmane.org/gmane.network.wireshark.bugs/11037 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2929 Summary: Register dircproxy port Product: Wireshark Version: SVN Platform: PC OS/Version: All Status: NEW Severity: Enhancement Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: jelmer< at >samba.org Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- The IRC proxy dircproxy and several other IRC proxies listen on port 57000 (assigned by IANA) and speak the IRC protocol. The attached patch registers that port as IRC port. bugzilla-daemon< at >wireshark.org 2008-10-02T00:45:49 http://comments.gmane.org/gmane.network.wireshark.bugs/11036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2928 Summary: Program won't run Product: Wireshark Version: 1.0.3 Platform: Macintosh OS/Version: Mac OS X 10.5 Status: NEW Severity: Major Priority: High Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: jnovinger< at >celerityinnovations.com Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- We are running OS X 10.5.5 X11 loads and WireShark shuts down immediately bugzilla-daemon< at >wireshark.org 2008-10-01T22:51:33 http://comments.gmane.org/gmane.network.wireshark.bugs/11022 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2927 Summary: cannot compile wireshark using instructions from developers guide. Error U1077 Product: Wireshark Version: 1.1.x (Experimental) Platform: PC OS/Version: Windows XP Status: NEW Severity: Normal Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: josh.schneider< at >ge.com Build Information: D:\wireshark>nmake -f Makefile.nmake verify_tools Microsoft (R) Program Maintenance Utility Version 8.00.50727.42 Copyright (C) Microsoft Corporation. All rights reserved. Checking for required applications: cl: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/cl link: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/link nmake: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/nmake bash: /usr/bin/bash bison: /usr/bin/bison flex: /usr/bin/flex env: /usr/bin/env grep: /usr/bin/grep /usr/bin/find: /usr/bin/find perl: /usr/bin/perl C:/python24/python.exe: /cygdrive/c/python24/python.exe sed: /usr/bin/sed unzip: /usr/bin/unzip wget: /usr/bin/wget -- Hello, I am trying to get the initial build of wireshark to work on my Windows XP machine. I have installed all the programs and packages that the developers guide instructs. I am using the recommended compiler and SDK (C compiler: "Microsoft Visual C++ 2005 Express Edition" Platform SDK : "Microsoft Platform SDK Server 2003 R2") * The initial installation/configuration of python/cygwin/express edition/sdk/ all went successfully. * Used tortoise SVN to check out the software. * Ran the cmd.exe commands to configure cmd.exe * Ran all verify tool steps and installed libraries = success * In Section 2.2.10 Build Wiresharkof the developers guide ran the make command "nmake -f Makefile.nmake all" When compiling I get an error with 'packet-erf.c' NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio 8\VC\BIN\n make.exe"' : return code '0x2' then trying to ignore this error i appended '/i' to the command "nmake -f Makefile.nmake all" statement. I got the the additional error along with the error U1077 packet-erf.c(458) : error C2220: warning treated as error - no 'object' file gen erated Is there something I am missing with my setup that is hindering this compile? bugzilla-daemon< at >wireshark.org 2008-10-01T16:00:26 http://comments.gmane.org/gmane.network.wireshark.bugs/11019 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2926 Summary: assertion on malformed .ncf file (from milw0rm) Product: Wireshark Version: 1.0.3 Platform: All OS/Version: All Status: NEW Severity: Major Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: jeff.morriss.ws< at >gmail.com Created an attachment (id=2293) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2293) malformed .ncf file Build Information: TShark 1.1.2 (SVN Rev 26326) Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GLib 2.14.6, with libpcap 0.9.7, with libz 1.2.3, with POSIX capabilities (Linux), without libpcre, without SMI, without c-ares, without ADNS, without Lua, with GnuTLS 1.6.3, with Gcrypt 1.2.4, with MIT Kerberos. NOTE: this build doesn't support the "matches" operator for Wireshark filter syntax. Running on Linux 2.6.25.4-10.fc8, with libpcap version 0.9.7. Built using gcc 4.1.2 20070925 (Red Hat 4.1.2-33). -- I was informed that the site milw0rm.com had a DoS against Wireshark, detailed here: http://www.milw0rm.com/exploits/6622 with the offending attachment here (and also attached to this bug report): http://milw0rm.com/sploits/2008-wireshark.ncf Wiretap is asserting out. bugzilla-daemon< at >wireshark.org 2008-10-01T13:28:35 http://comments.gmane.org/gmane.network.wireshark.bugs/11015 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2925 Summary: EditCap and TShark cannot convert "NetScreen snoop text file" format to libpcap; Wireshark can Product: Wireshark Version: 1.0.3 Platform: PC OS/Version: Windows XP Status: NEW Severity: Normal Priority: Medium Component: TShark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: okrasz_news< at >o2.pl Build Information: TShark 1.0.3 (SVN Rev 26134) Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos. Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5. Built using Microsoft Visual C++ 6.0 build 8804 -- EditCap as well as TShark is not able to convert "NetScreen snoop text file" to a libpcap format. Suprisingly Wireshark is able to do it (when you use "File -> Save as"). Please try converting attached trace with following commands: C:\>"Program Files\Wireshark\editcap.exe" -F libpcap NetScreen.txt t.pcap editcap: Can't open or create t.pcap: Files from that network type can't be save d in that format C:\>"Program Files\Wireshark\tshark.exe" -F libpcap -r NetScreen.txt -w t.pcap tshark: The capture file being read can't be written in that format. bugzilla-daemon< at >wireshark.org 2008-10-01T12:29:27 http://comments.gmane.org/gmane.network.wireshark.bugs/11009 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2924 Summary: Bluetooth HCI memory corruption Product: Wireshark Version: 1.0.3 Platform: PC OS/Version: All Status: NEW Severity: Major Priority: Low Component: Wireshark AssignedTo: wireshark-bugs< at >wireshark.org ReportedBy: david.maciejak< at >gmail.com Created an attachment (id=2289) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2289) poc_bthci_pcap Build Information: wireshark 1.0.3 Copyright 1998-2008 Gerald Combs <gerald< at >wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.12.9, with GLib 2.16.4, with libpcap 0.9.5, with libz 1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.4, with SMI 0.4.5, with ADNS, without Lua, with GnuTLS 2.0.4, with Gcrypt 1.2.4, with MIT Kerberos, without PortAudio, without AirPcap. Running on Linux 2.6.24-19-generic, with libpcap version 0.9.5. Built using gcc 4.2.3 (Ubuntu 4.2.3-2ubuntu7). -- Got a segfault when trying to open the malformed traffic poc attached. Below the gdb trace: [Thread debugging using libthread_db enabled] [New Thread 0xb581e740 (LWP 8082)] 10:24:27 Warn radius: Could not find the radius directory *** glibc detected *** /home/koma/Desktop/wireshark-1.0.3/.libs/lt-wireshark: malloc(): memory corruption: 0x086fdd70 *** ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6[0xb5c4b356] /lib/tls/i686/cmov/libc.so.6(__libc_malloc+0x8d)[0xb5c4ccad] /usr/lib/libglib-2.0.so.0(g_malloc+0x2d)[0xb5f75dcd] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0(se_alloc+0x2f)[0xb698cb4f] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0(emem_tree_insert32+0x76)[0xb698db56] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6aa3538] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6997304] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6997a87] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0(dissector_try_port+0x69)[0xb6998d59] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6c3cb36] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6997304] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6997a87] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0(dissector_try_port+0x69)[0xb6998d59] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6be75a9] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6997304] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0[0xb6997a87] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0(call_dissector+0x40)[0xb6997c30] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0(dissect_packet+0x40b)[0xb69998ab] /home/koma/Desktop/wireshark-1.0.3/epan/.libs/libwireshark.so.0(epan_dissect_run+0x44)[0xb698e954] /home/koma/Desktop/wireshark-1.0.3/.libs/lt-wireshark[0x807488f] /home/koma/Desktop/wireshark-1.0.3/.libs/lt-wireshark[0x8075ea1] /home/koma/Desktop/wireshark-1.0.3/.libs/lt-wireshark(cf_read+0x658)[0x80767d8] /home/koma/Desktop/wireshark-1.0.3/.libs/lt-wireshark(main+0xdfe)[0x808c56e] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb5bf5450] /home/koma/Desktop/wireshark-1.0.3/.libs/lt-wireshark(register_all_protocols+0x5c9)[0x8066151] ======= Memory map: ======== 08048000-08184000 r-xp 00000000 08:03 344797 /home/koma/Desktop/wireshark-1.0.3/.libs/lt-wireshark 08184000-08195000 rw-p 0013c000 08:03 344797 /home/koma/Desktop/wireshark-1.0.3/.libs/lt-wireshark 08195000-08931000 rw-p 08195000 00:00 0 [heap] b4000000-b4021000 rw-p b4000000 00:00 0 b4021000-b4100000 ---p b4021000 00:00 0 b4122000-b4731000 r--p 00000000 08:03 2474068 /usr/share/icons/hicolor/icon-theme.cache b4731000-b4ea1000 r--p 00000000 08:03 2474155 /usr/share/icons/gnome/icon-theme.cache b4ea1000-b4f4c000 r--p 00000000 08:03 2474850 /usr/share/icons/Tangerine/icon-theme.cache b4f4c000-b50b2000 r--p 00000000 08:03 2474878 /usr/share/icons/Human/icon-theme.cache b50b2000-b5134000 rw-p b50b2000 00:00 0 b5134000-b5180000 r--p 00000000 08:03 2375708 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSansMono.ttf b5180000-b51bb000 rw-p b51a4000 00:00 0 b51c7000-b52cb000 rw-p b51c7000 00:00 0 b52cb000-b535c000 r--p 00000000 08:03 2375706 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf b535c000-b5460000 rw-p b535c000 00:00 0 b5460000-b54e7000 r--p 00000000 08:03 2375707 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans-Bold.ttf b54e7000-b54e9000 r-xp 00000000 08:03 2294667 /usr/lib/pango/1.6.0/modules/pango-basic-fc.so b54e9000-b54ea000 rw-p 00001000 08:03 2294667 /usr/lib/pango/1.6.0/modules/pango-basic-fc.so b54ea000-b54f0000 r--s 00000000 08:03 984029 /var/cache/fontconfig/945677eb7aeaf62f1d50efc3fb3ec7d8-x86.cache-2 b54f0000-b54f3000 r--s 00000000 08:03 984171 /var/cache/fontconfig/e383d7ea5fbe662a33d9b44caf393297-x86.cache-2 b54f3000-b54f4000 r--s 00000000 08:03 984170 /var/cache/fontconfig/fd9505950c048a77dc4b710eb6a628ed-x86.cache-2 b54f4000-b54f6000 r--s 00000000 08:03 984169 /var/cache/fontconfig/ddc79d3ea06a7c6ffa86ede85f3bb5df-x86.cache-2 b54f6000-b54f7000 r--s 00000000 08:03 984168 /var/cache/fontconfig/e3fa16a14183b06aa45b3e009278fd14-x86.cache-2 b54f7000-b54f8000 r--s 00000000 08:03 984167 /var/cache/fontconfig/e7071f4a29fa870f4323321c154eba04-x86.cache-2 b54f8000-b54f9000 r--s 00000000 08:03 984166 /var/cache/fontconfig/a2ab74764b07279e7c36ddb1d302cf26-x86.cache-2 b54f9000-b54fd000 r--s 00000000 08:03 984165 /var/cache/fontconfig/921a30a17f0be15c70ac14043cb7a739-x86.cache-2 b54fd000-b54fe000 r--s 00000000 08:03 984164 /var/cache/fontconfig/c69f04ab05004e31a6d5e715764f16d8-x86.cache-2 b54fe000-b54ff000 r--s 00000000 08:03 984163 /var/cache/fontconfig/4c73fe0c47614734b17d736dbde7580a-x86.cache-2 b54ff000-b5501000 r--s 00000000 08:03 984162 /var/cache/fontconfig/646addb8444faa74ee138aa00ab0b6a0-x86.cache-2 b5501000-b5504000 r--s 00000000 08:03 984161 /var/cache/fontconfig/a755afe4a08bf5b97852ceb7400b47bc-x86.cache-2 b5504000-b5506000 r--s 00000000 08:03 984160 /var/cache/fontconfig/20bd79ad97094406f7d1b9654bfbd926-x86.cache-2 b5506000-b5508000 r--s 00000000 08:03 984159 /var/cache/fontconfig/9c0624108b9a2ae8552f664125be8356-x86.cache-2 b5508000-b550f000 r--s 00000000 08:03 984158 /var/cache/fontconfig/6d41288fd70b0be22e8c3a91e032eec0-x86.cache-2 b550f000-b5512000 r--s 00000000 08:03 984157 /var/cache/fontconfig/de156ccd2eddbdc19d37a45b8b2aac9c-x86.cache-2 b5512000-b5514000 r--s 00000000 08:03 984156 /var/cache/fontconfig/da1bd5ca8443ffe22927a23ce431d198-x86.cache-2 b5514000-b551c000 r--s 00000000 08:03 984155 /var/cache/fontconfig/e3de0de479f42330eadf588a55fb5bf4-x86.cache-2 b551c000-b5524000 r--s 00000000 08:03 984149 /var/cache/fontconfig/0f34bcd4b6ee430af32735b75db7f02b-x86.cache-2 b5524000-b5525000 r--s 00000000 08:03 984148 /var/cache/fontconfig/4794a0821666d79190d59a36cb4f44b5-x86.cache-2 b5525000-b5528000 r--s 00000000 08:03 984048 /var/cache/fontconfig/de9486f0b47a4d768a594cb4198cb1c6-x86.cache-2 b5528000-b552f000 r--s 00000000 08:03 984046 /var/cache/fontconfig/d52a8644073d54c13679302ca1180695-x86.cache-2 b552f000-b5532000 r--s 00000000 08:03 984006 /var/cache/fontconfig/6386b86020ecc1ef9690bb720a13964f-x86.cache-2 b5532000-b553b000 r--s 00000000 08:03 983534 /var/cache/fontconfig/089dead882dea3570ffc31a9898cfb69-x86.cache-2 b553b000-b559b000 rw-s 00000000 00:09 120553493 /SYSV00000000 (deleted) b559b000-b55a4000 r-xp 00000000 08:03 6471841 /lib/tls/i686/cmov/libnss_files-2.7.so b55a4000-b55a6000 rw-p 00008000 08:03 6471841 /lib/tls/i686/cmov/libnss_files-2.7.so b55a6000-b55ae000 r-xp 00000000 08:03 6471843 /lib/tls/i686/cmov/libnss_nis-2.7.so b55ae000-b55b0000 rw-p 00007000 08:03 6471843 /lib/tls/i686/cmov/libnss_nis-2.7.so b55b0000-b55c4000 r-xp 00000000 08:03 6471838 /lib/tls/i686/cmov/libnsl-2.7.so b55c4000-b55c6000 rw-p 00013000 08:03 6471838 /lib/tls/i686/cmov/libnsl-2.7.so b55c6000-b55c8000 rw-p b55c6000 00:00 0 b55c8000-b55cf000 r-xp 00000000 08:03 6471839 /lib/tls/i686/cmov/libnss_compat-2.7.so b55cf000-b55d1000 rw-p 00006000 08:03 6471839 /lib/tls/i686/cmov/libnss_compat-2.7.so b55d3000-b55d4000 rw-p b55d3000 00:00 0 b55d4000-b55d6000 r--s 00000000 08:03 983594 /var/cache/fontconfig/e13b20fdb08344e0e664864cc2ede53d-x86.cache-2 b55d6000-b55e7000 r-xp 00000000 08:03 2195708 /usr/lib/gtk-2.0/2.10.0/engines/libubuntulooks.so b55e7000-b55e8000 rw-p 00011000 08:03 2195708 /usr/lib/gtk-2.0/2.10.0/engines/libubuntulooks.so b55e8000-b5627000 r--p 00000000 08:03 1949697 /usr/lib/locale/en_US.utf8/LC_CTYPE b5627000-b5628000 r--p 00000000 08:03 2212776 /usr/lib/locale/en_US.utf8/LC_NUMERIC b5628000-b5629000 r--p 00000000 08:03 2211921 /usr/lib/locale/en_US.utf8/LC_TIME b5629000-b570a000 r--p 00000000 08:03 1949698 /usr/lib/locale/en_US.utf8/LC_COLLATE b570a000-b5821000 rw-p b570a000 00:00 0 b5821000-b5825000 r-xp 00000000 08:03 2147173 /usr/lib/libXdmcp.so.6.0.0 b5825000-b5826000 rw-p 00003000 08:03 2147173 /usr/lib/libXdmcp.so.6.0.0 b5826000-b5827000 rw-p b5826000 00:00 0 b5827000-b5829000 r-xp 00000000 08:03 2146327 /usr/lib/libXau.so.6.0.0 b5829000-b582a000 rw-p 00001000 08:03 2146327 /usr/lib/libXau.so.6.0.0 b582a000-b5849000 r-xp 00000000 08:03 2147435 /usr/lib/ Program received signal SIGABRT, Aborted. [Switching to Thread 0xb581e740 (LWP 8082)] 0xb7f61410 in __kernel_vsyscall () (gdb) backtrace #0 0xb7f61410 in __kernel_vsyscall () #1 0xb5c0a085 in raise () from /lib/tls/i686/cmov/libc.so.6 #2 0xb5c0ba01 in abort () from /lib/tls/i686/cmov/libc.so.6 #3 0xb5c42b7c in ?? () from /lib/tls/i686/cmov/libc.so.6 #4 0xb5c4b356 in ?? () from /lib/tls/i686/cmov/libc.so.6 #5 0xb5c4ccad in malloc () from /lib/tls/i686/cmov/libc.so.6 #6 0xb5f75dcd in g_malloc () from /usr/lib/libglib-2.0.so.0 #7 0xb698cb4f in se_alloc (size=24) at emem.c:484 #8 0xb698db56 in emem_tree_insert32 (se_tree=0x8859230, key=15, data=0x86fde30) at emem.c:1222 #9 0xb6aa3538 in dissect_btacl (tvb=0x8874248, pinfo=0x884c4d0, tree=0x89116d8) at packet-bthci_acl.c:175 #10 0xb6997304 in call_dissector_through_handle (handle=0x83c5070, tvb=0x8874248, pinfo=0x884c4d0, tree=0x89116d8) at packet.c:396 #11 0xb6997a87 in call_dissector_work (handle=0x83c5070, tvb=0x8874248, pinfo_arg=0x884c4d0, tree=0x89116d8) at packet.c:485 #12 0xb6998d59 in dissector_try_port (sub_dissectors=0x84bcac8, port=2, tvb=0x8874248, pinfo=0x884c4d0, tree=0x89116d8) at packet.c:870 #13 0xb6c3cb36 in dissect_hci_h4 (tvb=0x8874210, pinfo=0x884c4d0, tree=0x89116d8) at packet-hci_h4.c:95 #14 0xb6997304 in call_dissector_through_handle (handle=0x84bcab0, tvb=0x8874210, pinfo=0x884c4d0, tree=0x89116d8) at packet.c:396 #15 0xb6997a87 in call_dissector_work (handle=0x84bcab0, tvb=0x8874210, pinfo_arg=0x884c4d0, tree=0x89116d8) at packet.c:485 #16 0xb6998d59 in dissector_try_port (sub_dissectors=0x845a620, port=41, tvb=0x8874210, pinfo=0x884c4d0, tree=0x89116d8) at packet.c:870 #17 0xb6be75a9 in dissect_frame (tvb=0x8874210, pinfo=0x884c4d0, parent_tree=0x89116d8) at packet-frame.c:305 #18 0xb6997304 in call_dissector_through_handle (handle=0x845a690, tvb=0x8874210, pinfo=0x884c4d0, tree=0x89116d8) at packet.c:396 #19 0xb6997a87 in call_dissector_work (handle=0x845a690, tvb=0x8874210, pinfo_arg=0x884c4d0, tree=0x89116d8) at packet.c:485 #20 0xb6997c30 in call_dissector (handle=0x845a690, tvb=0x8874210, pinfo=0x884c4d0, tree=0x89116d8) at packet.c:1787 #21 0xb69998ab in dissect_packet (edt=0x884c4c8, pseudo_header=0x888c274, pd=0x88fd188 "\002) %s\027", fd=0x891a9c0, cinfo=0x81b96bc) at packet.c:332 #22 0xb698e954 in epan_dissect_run (edt=0x884c4c8, pseudo_header=0x888c274, data=0x88fd188 "\002) %s\027", fd=0x891a9c0, cinfo=0x81b96bc) at epan.c:161 #23 0x0807488f in add_packet_to_packet_list (fdata=0x891a9c0, cf=0x81a95a0, dfcode=0x0, pseudo_header=0x888c274, buf=0x88fd188 "\002) %s\027", refilter=1) at file.c:966 #24 0x08075ea1 in read_packet (cf=0x81a95a0, dfcode=0x0, offset=487) at file.c:1103 #25 0x080767d8 in cf_read (cf=0x81a95a0) at file.c:497 #26 0x0808c56e in main (argc=Cannot access memory at address 0x0 ) at main.c:3123 Seems the problem ocurs in epan/dissectors/packet-bthci_acl.c line 175 when calling "se_tree_insert32(chandle_data->start_fragments, pinfo->fd->num, mfp);" which called a malloc in emem.c Regards, David Maciejak Fortinet's FortiGuard Global Security Research Team bugzilla-daemon< at >wireshark.org 2008-10-01T08:38:14 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.network.wireshark.bugs