[Wireshark-bugs] [Bug 15132] Invalid write in dissect_segment_ofstable()

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132

--- Comment #3 from Gerrit Code Review  ---
Change 30300 merged by Anders Broman:
LBMPDM: fix heap-buffer-overflow (write) in dissect_segment_ofstable

https://code.wireshark.org/review/30300

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15234] New: Add CableLabs vendor option /* 61 */ CCAP-CORES to packet-dhcpv6.c

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15234

          Bug ID: 15234
         Summary: Add CableLabs vendor option /* 61 */ CCAP-CORES to
                  packet-dhcpv6.c
         Product: Wireshark
         Version: Git
        Hardware: All
              OS: All
          Status: UNCONFIRMED
        Severity: Enhancement
        Priority: Low
       Component: Dissection engine (libwireshark)
        Assignee: bugzilla-ad...@wireshark.org
        Reporter: jfor...@cisco.com
Target Milestone: ---

Created attachment 16672
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16672=edit
Exported DHCPv6 packets from trace

Build Information:
Wireshark 2.6.4 (v2.6.4)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.11.2, with libpcap, without POSIX capabilities,
with
GLib 2.58.1, with zlib 1.2.11, with SMI 0.5.0, with c-ares 1.14.0, with Lua
5.2.4, with GnuTLS 3.5.19, with Gcrypt 1.8.3, with MIT Kerberos, without
MaxMind
DB resolver, without nghttp2, with LZ4, without Snappy, without libxml2, with
QtMultimedia, without SBC, without SpanDSP, without bcg729.

Running on Mac OS X 10.14, build 18A391 (Darwin 18.0.0), with Intel(R) Core(TM)
i5-7267U CPU @ 3.10GHz (with SSE4.2), with 8192 MB of physical memory, with
locale en_US.UTF-8, with libpcap version 1.9.0-PRE-GIT, with GnuTLS 3.5.19,
with
Gcrypt 1.8.3, with zlib 1.2.11, binary plugins supported (0 loaded).

Built using clang 4.2.1 Compatible Apple LLVM 10.0.0 (clang-1000.11.45.2).

--
CableLabs DHCPv6 option 61 (0x3d) "CCAP-CORES" needs to be added for the
CableLabs Remote PHY (R-PHY) devices.

I have built 2.6.4 on Linux and this diff works fine. Building on MAC to test
as well.

--- epan/dissectors/packet-dhcpv6.orig  2018-10-22 19:55:03.0 -0400
+++ epan/dissectors/packet-dhcpv6.c 2018-10-22 19:55:17.0 -0400
@@ -624,6 +624,7 @@
 #define CL_OPTION_RFC868_SERVERS  0x0025 /* 37 */
 #define CL_OPTION_TIME_OFFSET 0x0026 /* 38 */
 #define CL_OPTION_IP_PREF 0x0027 /* 39 */
+#define CL_OPTION_CCAP_CORES  0x003D /* 61 */

 /** CableLabs DOCSIS Project Vendor Specific Options */
 #define CL_OPTION_DOCS_CMTS_CAP 0x0401  /* 1025 */
@@ -655,6 +656,7 @@
 /*   35 */ { CL_OPTION_TLV5,"TLV5 = " },
 /*   36 */ { CL_OPTION_DEVICE_ID,   "Device Identifier = " },
 /*   37 */ { CL_OPTION_RFC868_SERVERS,  "Time Protocol Servers : "
},
+/*   61 */ { CL_OPTION_CCAP_CORES,  "CCAP-CORES : " },
 /*   38 */ { CL_OPTION_TIME_OFFSET, "Time Offset = " },
 /*   39 */ { CL_OPTION_IP_PREF, "IP preference : " },
 /* 1025 */ { CL_OPTION_DOCS_CMTS_CAP,   "CMTS Capabilities Option
: " },
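Review bot: The new /* 61 */ entry sits between the /* 37 */ and /* 38 */ entries, which breaks the ascending order the rest of this table keeps. Move it below the /* 39 */ CL_OPTION_IP_PREF line so the list stays sorted by option number and matches where the #define was placed in the first hunk.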
@@ -1166,6 +1168,7 @@
 case CL_OPTION_TFTP_SERVERS:
 case CL_OPTION_SYSLOG_SERVERS:
 case CL_OPTION_RFC868_SERVERS:
+case CL_OPTION_CCAP_CORES:
 field_len = 16;
 opt_len = tlv_len;
 subtree = proto_item_add_subtree(ti,
ett_dhcpv6_vendor_option);
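Review bot: Adding case CL_OPTION_CCAP_CORES to this fall-through group means the option is dissected with field_len = 16, exactly like the TFTP, syslog and RFC 868 server lists, so the payload is assumed to be nothing but 16-byte addresses. The report only says the option "needs to be added"; please state which encoding the CableLabs specification gives for option 61, and confirm against the attached capture how a tlv_len that is not a multiple of 16 is handled, since that code is outside the lines shown here.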


[Wireshark-bugs] [Bug 15233] New: Buildbot crash output: fuzz-2018-10-22-22592.pcap

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15233

          Bug ID: 15233
         Summary: Buildbot crash output: fuzz-2018-10-22-22592.pcap
         Product: Wireshark
         Version: unspecified
        Hardware: x86-64
              OS: Ubuntu
          Status: CONFIRMED
        Severity: Major
        Priority: High
       Component: Dissection engine (libwireshark)
        Assignee: bugzilla-ad...@wireshark.org
        Reporter: buildbot-do-not-re...@wireshark.org
Target Milestone: ---

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2018-10-22-22592.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/11750-WSMPv2.pcap

Build host information:
Linux wsbb04 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:Ubuntu 18.04.1 LTS
Release:18.04
Codename:   bionic

Buildbot information:
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4935
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_GOT_REVISION=9c45fbcd08f9e4fd1d2e108e8669bf2d00426e90

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit 9c45fbcd08f9e4fd1d2e108e8669bf2d00426e90
Author: Peter Wu 
Date:   Mon Oct 22 14:43:43 2018 +0200

debian-setup: install GLib development headers

Previously installed as transitive dependency of libgtk2.0-dev.
Installed as transitive dependency of libjson-glib-dev since
v2.9.0rc0-201-g511c2e166a, but this is an optional package.

Change-Id: Id4b8523b2d614d273fdb71e91878d4d1a4518572
Fixes: v2.9.0rc0-310-gf23a934492 ("Don't install autotools or GTK+, but do
install CMake.")
Reviewed-on: https://code.wireshark.org/review/30336
Reviewed-by: Anders Broman 


Command and args: ./tools/valgrind-wireshark.sh -b
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin
 
==28078== Memcheck, a memory error detector
==28078== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==28078== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==28078== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2018-10-22-22592.pcap
==28078== 
==28078== Conditional jump or move depends on uninitialised value(s)
==28078==at 0x775F53A: dissect_wsmp (packet-wsmp.c:481)
==28078==by 0x80A3A97: call_dissector_through_handle (packet.c:706)
==28078==by 0x809F7A9: call_dissector_work (packet.c:791)
==28078==by 0x809F5B7: dissector_try_uint_new (packet.c:1383)
==28078==by 0x809F8E9: dissector_try_uint (packet.c:1407)
==28078==by 0x6DD563E: dissect_ethertype (packet-ethertype.c:260)
==28078==by 0x80A3A97: call_dissector_through_handle (packet.c:706)
==28078==by 0x809F7A9: call_dissector_work (packet.c:791)
==28078==by 0x80A2742: call_dissector_only (packet.c:3141)
==28078==by 0x809E1C4: call_dissector_with_data (packet.c:3154)
==28078==by 0x6DD4940: dissect_eth_common (packet-eth.c:527)
==28078==by 0x6DD321A: dissect_eth (packet-eth.c:803)
==28078== 
==28078== 
==28078== HEAP SUMMARY:
==28078== in use at exit: 54,863 bytes in 478 blocks
==28078==   total heap usage: 345,295 allocs, 344,817 frees, 39,401,300 bytes
allocated
==28078== 
==28078== LEAK SUMMARY:
==28078==definitely lost: 0 bytes in 0 blocks
==28078==indirectly lost: 0 bytes in 0 blocks
==28078==  possibly lost: 1,352 bytes in 18 blocks
==28078==still reachable: 52,708 bytes in 427 blocks
==28078==   of which reachable via heuristic:
==28078== newarray   : 1,536 bytes in 16 blocks
==28078== suppressed: 803 bytes in 33 blocks
==28078== Rerun with --leak-check=full to see details of leaked memory
==28078== 
==28078== For counts of detected and suppressed errors, rerun with: -v
==28078== Use --track-origins=yes to see where uninitialised values come from
==28078== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]


[Wireshark-bugs] [Bug 15232] New: Buildbot crash output: fuzz-2018-10-21-27858.pcap

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15232

          Bug ID: 15232
         Summary: Buildbot crash output: fuzz-2018-10-21-27858.pcap
         Product: Wireshark
         Version: unspecified
        Hardware: x86-64
              OS: Ubuntu
          Status: CONFIRMED
        Severity: Major
        Priority: High
       Component: Dissection engine (libwireshark)
        Assignee: bugzilla-ad...@wireshark.org
        Reporter: buildbot-do-not-re...@wireshark.org
Target Milestone: ---

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2018-10-21-27858.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/1847-Arada_WSA_Captures.cap

Build host information:
Linux wsbb04 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:Ubuntu 18.04.1 LTS
Release:18.04
Codename:   bionic

Buildbot information:
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4934
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_GOT_REVISION=2a9deba59564c9a90c17062999bc7a6e10225ac9

Return value:  0

Dissector bug:  0

Valgrind error count:  0



Git commit
commit 2a9deba59564c9a90c17062999bc7a6e10225ac9
Author: AndersBroman 
Date:   Thu Oct 18 16:55:41 2018 +0200

IEEE 1609.2 dissector converted from per to oer by hand

- Change per -> oer
- constraned integer 64 bits with upper bound NO_BOUND hand converted
- hf variables commented out.
- constrained integer fn changed to handle >= 0 ( Negative values)
- Pragma to handle unused functions.

Bug: 13766
Change-Id: Ia00d3aa0e4c27c0303366f14b97a1ebf9e39af3d
Reviewed-on: https://code.wireshark.org/review/30248
Petri-Dish: Anders Broman 
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman 


Command and args:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark
 -nVxr
=
==32251==ERROR: AddressSanitizer: global-buffer-overflow on address
0x7fc6524f2178 at pc 0x7fc64f37df76 bp 0x7fffc74682c0 sp 0x7fffc74682b8
READ of size 4 at 0x7fc6524f2178 thread T0

[Wireshark-bugs] [Bug 14368] Ability to disable typeahead displays

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14368

Michael Mann  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED


[Wireshark-bugs] [Bug 15231] [oss-fuzz] ASAN: 22 bytes leaked in epan/dissectors/packet-rtp-ed137.c:688

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15231

--- Comment #4 from Peter Wu  ---
>   Even one branch is "ntp based", it doesn't mean time is ntp/absolute. It
> just says where send got time reference. Time in packet is just counter
> derived from ntp, but it doesn't contain all ntp related items.

So are both times effectively relative?

>   I have sample for both cases. I can attach it to the case.

Yes please :-)

>   Who should commit change - you or me?

It would be great if you could push a patch for review, thanks for looking into
it!


[Wireshark-bugs] [Bug 15231] [oss-fuzz] ASAN: 22 bytes leaked in epan/dissectors/packet-rtp-ed137.c:688

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15231

--- Comment #3 from Jiri Novak  ---
Hi Peter,

  yes, this fix will work.

  You are right that both branches are same. I created the first one without
sample data and then added content of second one, but didn't clean the code.

  Even one branch is "ntp based", it doesn't mean time is ntp/absolute. It just
says where send got time reference. Time in packet is just counter derived from
ntp, but it doesn't contain all ntp related items.

  I have sample for both cases. I can attach it to the case.

  Who should commit change - you or me?

Best regards,

Jirka Novak


[Wireshark-bugs] [Bug 15231] [oss-fuzz] ASAN: 22 bytes leaked in epan/dissectors/packet-rtp-ed137.c:688

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15231

Peter Wu  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[oss-fuzz] ASAN: 22 byte(s) |[oss-fuzz] ASAN: 22 bytes
                   |leaked in 1 allocation(s).  |leaked in
                   |                            |epan/dissectors/packet-rtp-
                   |                            |ed137.c:688
                 CC|                            |j.no...@netsystem.cz

--- Comment #2 from Peter Wu  ---
Hi Jiri, the memleak is rather trivial and could be solved by replacing:

tmp = rel_time_to_secs_str(NULL, _time);

by

tmp = rel_time_to_secs_str(wmem_packet_scope(), _time);

However I think that the process_time_value function can be further cleaned up.
Both branches are equivalent (except for the comment). If that is intentional,
then one of them should be removed.

Though if the NTP value is absolute, shouldn't it be using abs_time_to_str
instead? (That will not display a time in seconds, but in a more human-readable
form).

Do you have a packet capture file that contains both forms? Any suggestion on
the correct form?

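The difference between the two calls in comment #2, as an added example that is not code from Wireshark or from this thread: a toy model in C of scope-based allocation, where a string requested with a NULL scope stays allocated until the caller frees it, while one requested from a per-packet scope is released with the packet. The pool type and every function name below are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of scope-based allocation. Constructed for illustration;
 * this is not Wireshark's wmem code and every name here is hypothetical. */
typedef struct block { struct block *next; } block;
typedef struct { block *head; size_t live; } pool_t;

/* Allocations made with a NULL scope. Nothing releases them automatically.
 * The demo records them only so it can count them and tidy up afterwards. */
static pool_t g_unscoped;

static void *scoped_alloc(pool_t *scope, size_t n)
{
    pool_t *owner = scope ? scope : &g_unscoped;
    block *b = malloc(sizeof *b + n);
    if (b == NULL)
        return NULL;
    b->next = owner->head;
    owner->head = b;
    owner->live++;
    return b + 1;               /* payload follows the list header */
}

/* Release everything owned by a pool, as happens at the end of a packet. */
static void pool_free_all(pool_t *p)
{
    while (p->head != NULL) {
        block *next = p->head->next;
        free(p->head);
        p->head = next;
    }
    p->live = 0;
}

/* Stand-in for a helper that returns a freshly allocated time string. */
static char *format_rel_secs(pool_t *scope, long secs, long nsecs)
{
    char *s = scoped_alloc(scope, 32);
    if (s != NULL)
        snprintf(s, 32, "%ld.%09ld", secs, nsecs);
    return s;
}

/* Before: NULL scope, and the caller never frees the result. */
static size_t process_time_leaky(pool_t *packet_scope, long secs, long nsecs)
{
    char *tmp = format_rel_secs(NULL, secs, nsecs);
    (void)packet_scope;
    return tmp ? strlen(tmp) : 0;   /* string is used, then forgotten */
}

/* After: same call, but the packet scope owns the string. */
static size_t process_time_fixed(pool_t *packet_scope, long secs, long nsecs)
{
    char *tmp = format_rel_secs(packet_scope, secs, nsecs);
    return tmp ? strlen(tmp) : 0;
}

/* Dissect `packets` packets and return how many strings are still
 * allocated once every packet scope has been released. */
size_t leaked_after(int packets, int use_packet_scope)
{
    pool_t packet_scope = { NULL, 0 };
    size_t leaked;

    for (int i = 0; i < packets; i++) {
        if (use_packet_scope)
            process_time_fixed(&packet_scope, i, 500000000L);
        else
            process_time_leaky(&packet_scope, i, 500000000L);
        pool_free_all(&packet_scope);       /* end of this packet */
    }
    leaked = g_unscoped.live + packet_scope.live;
    pool_free_all(&g_unscoped);             /* demo cleanup only */
    return leaked;
}

int main(void)
{
    printf("NULL scope:   %zu strings leaked\n", leaked_after(5, 0));
    printf("packet scope: %zu strings leaked\n", leaked_after(5, 1));
    return 0;
}
```

The leak grows by one string per dissected packet in the NULL-scope variant, which is why a fuzzer feeding a single packet reports a single small allocation.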

[Wireshark-bugs] [Bug 15231] [oss-fuzz] ASAN: 22 byte(s) leaked in 1 allocation(s).

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15231

--- Comment #1 from Peter Wu  ---
Created attachment 16671
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16671=edit
Packet capture file


[Wireshark-bugs] [Bug 15231] New: [oss-fuzz] ASAN: 22 byte(s) leaked in 1 allocation(s).

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15231

          Bug ID: 15231
         Summary: [oss-fuzz] ASAN: 22 byte(s) leaked in 1 allocation(s).
         Product: Wireshark
         Version: Git
        Hardware: x86-64
             URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11094
              OS: Linux
          Status: CONFIRMED
        Severity: Major
        Priority: High
       Component: Dissection engine (libwireshark)
        Assignee: bugzilla-ad...@wireshark.org
        Reporter: pe...@lekensteyn.nl
Target Milestone: ---

Build Information:
TShark (Wireshark) 2.9.0 (v2.9.0rc0-2303-g6a9d6431)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.58.1, with zlib 1.2.11, without SMI, with c-ares 1.14.0, with Lua
5.2.4, with GnuTLS 3.5.19, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind
DB
resolver, with nghttp2 1.33.0, with LZ4, with Snappy, with libxml2 2.9.8.

Running on Linux 4.18.7-arch1-1-ARCH, with Intel(R) Core(TM) i7-6700HQ CPU @
2.60GHz (with SSE4.2), with 32052 MB of physical memory, with locale C, with
libpcap version 1.9.0-PRE-GIT (with TPACKET_V3), with GnuTLS 3.5.19, with
Gcrypt
1.8.3, with zlib 1.2.11, binary plugins supported (13 loaded).

Built using clang 4.2.1 Compatible Clang 7.0.0 (tags/RELEASE_700/final).
--
A problem was found by the oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11094

Attached is the sample that triggers this error which can be reproduced with an
ASAN+UBSAN build of Wireshark:
tshark -Vxr clusterfuzz-testcase-minimized-fuzzshark_ip-5746499850338304.pcap
--
=
==18400==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 22 byte(s) in 1 object(s) allocated from:
#0 0x5633258de639 in malloc (run/tshark+0x1ae639)
#1 0x7fac3e2b62f1 in g_malloc
/usr/src/debug/build/../glib/glib/gmem.c:99:13
#2 0x7fac4c484ad3 in wmem_alloc epan/wmem/wmem_core.c:35:16
#3 0x7fac4c89e3f2 in rel_time_to_secs_str epan/to_str.c:923:15
#4 0x7fac4a5cff9f in process_time_value
epan/dissectors/packet-rtp-ed137.c:688:15
#5 0x7fac4a5cf31b in dissect_rtp_hdr_ext_ed137b_feature_climax_ddc_mam
epan/dissectors/packet-rtp-ed137.c:830:5
#6 0x7fac4c6abbb5 in call_dissector_through_handle epan/packet.c:706:9
#7 0x7fac4c6968b8 in call_dissector_work epan/packet.c:791:9
#8 0x7fac4c695958 in dissector_try_uint_new epan/packet.c:1383:8
#9 0x7fac4c69714b in dissector_try_uint epan/packet.c:1407:9
#10 0x7fac4a5cdf84 in dissect_rtp_hdr_ext_ed137a
epan/dissectors/packet-rtp-ed137.c:992:32
#11 0x7fac4c6abbb5 in call_dissector_through_handle epan/packet.c:706:9
#12 0x7fac4c6968b8 in call_dissector_work epan/packet.c:791:9
#13 0x7fac4c695958 in dissector_try_uint_new epan/packet.c:1383:8
#14 0x7fac4a5be4b4 in dissect_rtp epan/dissectors/packet-rtp.c:2097:24
#15 0x7fac4c6abbb5 in call_dissector_through_handle epan/packet.c:706:9
#16 0x7fac4c6968b8 in call_dissector_work epan/packet.c:791:9
#17 0x7fac4c6a4e9a in call_dissector_only epan/packet.c:3141:8
#18 0x7fac4c68e5e4 in call_dissector_with_data epan/packet.c:3154:8
#19 0x7fac4c6a4ee1 in call_dissector epan/packet.c:3171:9
#20 0x7fac48acf3aa in dissect_bta2dp
epan/dissectors/packet-btavdtp.c:3064:9
#21 0x7fac4c6abbb5 in call_dissector_through_handle epan/packet.c:706:9
#22 0x7fac4c6968b8 in call_dissector_work epan/packet.c:791:9
#23 0x7fac4c698aaf in dissector_try_string_new epan/packet.c:1682:9
#24 0x7fac4c698c00 in dissector_try_string epan/packet.c:1707:9
#25 0x7fac48a57f98 in dissect_attribute_value
epan/dissectors/packet-btatt.c:4639:9
#26 0x7fac48a4081c in dissect_btatt epan/dissectors/packet-btatt.c:10951:9
#27 0x7fac4c6abbb5 in call_dissector_through_handle epan/packet.c:706:9
#28 0x7fac4c6968b8 in call_dissector_work epan/packet.c:791:9
#29 0x7fac4c695958 in dissector_try_uint_new epan/packet.c:1383:8

SUMMARY: AddressSanitizer: 22 byte(s) leaked in 1 allocation(s).


[Wireshark-bugs] [Bug 14275] MongoDB dissector doesn't register as SSL capable

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14275

--- Comment #4 from Derick Rethans  ---
Hi,

I'll provide these files. But I need a day or two to be able to get enough
time to do so.

cheers,
Derick


[Wireshark-bugs] [Bug 15228] GSlice assertion failure

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15228

--- Comment #2 from Gerald Combs  ---
It looks like you might be running into this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1192515. I don't have access to the
private links, unfortunately.


[Wireshark-bugs] [Bug 15224] Malformed Packet: SV

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15224

--- Comment #3 from Alex Bal <3221...@gmail.com> ---
Specification in attachment


[Wireshark-bugs] [Bug 15224] Malformed Packet: SV

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15224

--- Comment #2 from Alex Bal <3221...@gmail.com> ---
Created attachment 16670
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16670=edit
Spec for 61850-9-2LE

Spec for 61850-9-2LE


[Wireshark-bugs] [Bug 15230] New: tshark 2.6 does not print geoIP information

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15230

          Bug ID: 15230
         Summary: tshark 2.6 does not print geoIP information
         Product: Wireshark
         Version: 2.6.1
        Hardware: x86-64
              OS: Ubuntu
          Status: UNCONFIRMED
        Severity: Normal
        Priority: Low
       Component: TShark
        Assignee: bugzilla-ad...@wireshark.org
        Reporter: al.le...@blacklynx.tech
Target Milestone: ---

Build Information:
$ tshark --version
TShark (Wireshark) 2.6.1 (Git v2.6.1 packaged as 2.6.1-0ubuntu2~14.04.3)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.40.2, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.2.3, with GnuTLS 2.12.23, with Gcrypt 1.5.3, with MIT Kerberos, with MaxMind
DB resolver, with nghttp2 0.6.7, with LZ4, with Snappy, with libxml2 2.9.1.

Running on Linux 4.4.0-111-generic, with Intel(R) Xeon(R) CPU E5-2699A v4 @
2.40GHz (with SSE4.2), with 128830 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.5.3, with GnuTLS 2.12.23, with Gcrypt
1.5.3,
with zlib 1.2.8, binary plugins supported (13 loaded).

Built using gcc 4.8.4.

--
I have upgraded to tshark 2.6 with the geoip - geolite2 mmdb.  After the
upgrade, tshark no longer provides the geoIP information.  (previously using
tshark 2.2 and that worked without issue)


[Wireshark-bugs] [Bug 14275] MongoDB dissector doesn't register as SSL capable

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14275

Peter Wu  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pe...@lekensteyn.nl

--- Comment #3 from Peter Wu  ---
Hi Derick, this issue caused a regression where plaintext MongoDB packets are
incorrectly dissected (bug 14381). In order to fix that bug, traffic on the
default port will be considered MongoDB again (instead of TLS).

To verify that your issue remains fixed, could you provide a capture file and
session keys?


[Wireshark-bugs] [Bug 14381] cannot find any Mongo Wire Protocol (MONGO) package

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14381

--- Comment #9 from Peter Wu  ---
(In reply to Alexis La Goutte from comment #8)
> On the other bug, there is no pcap with TLS?

There is none, but perhaps that reporter could provide one. I'll ask for it.


[Wireshark-bugs] [Bug 14381] cannot find any Mongo Wire Protocol (MONGO) package

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14381

--- Comment #8 from Alexis La Goutte  ---
(In reply to Peter Wu from comment #7)
> (In reply to Alexis La Goutte from comment #6)
> > (In reply to Peter Wu from comment #5)
> > > Use ssl_dissector_add(0, mongo_handle) to avoid interpreting the port as 
> > > TLS
> > > by default.
> > > 
> > > In order to recognize TLS again and be able to dissect decrypted TLS data,
> > > change dissect_mongo to recognize TLS. If TLS is detected, set the appdata
> > > dissector to mongodb and call the TLS dissector with ssl_starttls_ack(...,
> > > mongo_handle) + call_dissector(tls_handle, ...).
> >
> > I prefer solution 1 :)
> 
> To validate that, a mongodb TLS capture needs to be created with decryption
> secrets. At the moment I don't have time to try that though.
> 
> Disabling TLS as was done in comment 2 should not be necessary, but there is
> a bug in the Decode As dialog. Steps to reproduce:
> 1. Select packet 6, Decode As.
> 2. Observe Field "TLS Port", Value 27017, Default "MONGO", Current "MONGO".
> 3. Change "Field" to "TCP Port".
> 4. Press OK.
> 
> Expected behavior:
> Traffic is decoded as Mongo.
> 
> Actual behavior:
> Traffic is still decoded as TLS. When opening the Decode As dialog again,
> the entry is gone again. Changing "Field" should probably change the other
> columns as well. If you select "Ether type" or "IP Protocol" for example, it
> will still say "TLS".
> 
> What did work was Decode As on packet 2 which shows:
> Field "TCP Port", Value 27017, Default "TLS", Current "TLS"
> and then change Current "TLS" -> "MONGO".

On the other bug, there is no pcap with TLS?


[Wireshark-bugs] [Bug 14381] cannot find any Mongo Wire Protocol (MONGO) package

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14381

--- Comment #7 from Peter Wu  ---
(In reply to Alexis La Goutte from comment #6)
> (In reply to Peter Wu from comment #5)
> > Use ssl_dissector_add(0, mongo_handle) to avoid interpreting the port as TLS
> > by default.
> > 
> > In order to recognize TLS again and be able to dissect decrypted TLS data,
> > change dissect_mongo to recognize TLS. If TLS is detected, set the appdata
> > dissector to mongodb and call the TLS dissector with ssl_starttls_ack(...,
> > mongo_handle) + call_dissector(tls_handle, ...).
>
> I prefer solution 1 :)

To validate that, a mongodb TLS capture needs to be created with decryption
secrets. At the moment I don't have time to try that though.

Disabling TLS as was done in comment 2 should not be necessary, but there is a
bug in the Decode As dialog. Steps to reproduce:
1. Select packet 6, Decode As.
2. Observe Field "TLS Port", Value 27017, Default "MONGO", Current "MONGO".
3. Change "Field" to "TCP Port".
4. Press OK.

Expected behavior:
Traffic is decoded as Mongo.

Actual behavior:
Traffic is still decoded as TLS. When opening the Decode As dialog again, the
entry is gone again. Changing "Field" should probably change the other columns
as well. If you select "Ether type" or "IP Protocol" for example, it will still
say "TLS".

What did work was Decode As on packet 2 which shows:
Field "TCP Port", Value 27017, Default "TLS", Current "TLS"
and then change Current "TLS" -> "MONGO".


[Wireshark-bugs] [Bug 14381] cannot find any Mongo Wire Protocol (MONGO) package

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14381

--- Comment #6 from Alexis La Goutte  ---
(In reply to Peter Wu from comment #5)
> I considered suggesting changing the port number, but there does not seem to
> be a dedicated port for TLS traffic:
> https://docs.mongodb.com/manual/reference/default-mongodb-port/
> https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/
> https://docs.mongodb.com/manual/tutorial/configure-ssl/
> https://docs.mongodb.com/manual/core/security-transport-encryption/
> 
> Two possibilities:
> 
> Use ssl_dissector_add(0, mongo_handle) to avoid interpreting the port as TLS
> by default.
> 
> In order to recognize TLS again and be able to dissect decrypted TLS data,
> change dissect_mongo to recognize TLS. If TLS is detected, set the appdata
> dissector to mongodb and call the TLS dissector with ssl_starttls_ack(...,
> mongo_handle) + call_dissector(tls_handle, ...).
> 
> or
> 
> change the TLS dissector to reject the data if it does not look like TLS at
> all (like Michael did in the above path). One limitation is that it does not
> help with dissecting the decrypted data as mongo, for that to work the
> previous approach is necessary.
> 
> For a quick fix, I suggest just changing mongo to use ssl_dissector_add(0,
> mongo_handle). This will regress on bug 14275 in the sense that TLS traffic
> is not automatically marked as such, but for decryption more changes were
> needed anyway.

I prefer solution 1 :)


[Wireshark-bugs] [Bug 15229] Tshark memory leak

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15229

--- Comment #1 from Sergiy Dryga  ---
Created attachment 16669
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16669=edit
3 hour CPU consumption graph


[Wireshark-bugs] [Bug 15229] New: Tshark memory leak

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15229

Bug ID: 15229
   Summary: Tshark memory leak
   Product: Wireshark
   Version: 2.6.4
  Hardware: x86-64
OS: Red Hat
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: TShark
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: sergiy.dr...@gmail.com
  Target Milestone: ---

Created attachment 16668
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16668=edit
3 hour memory consumption graph

Build Information:
TShark (Wireshark) 2.6.4 (v2.6.4)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.54.2, with zlib 1.2.7, without SMI, with c-ares 1.10.0, without Lua,
without GnuTLS, with Gcrypt 1.5.3, without Kerberos, without MaxMind DB
resolver, with nghttp2 1.31.1, with LZ4, with Snappy, with libxml2 2.9.1.

Running on Linux 3.10.0-862.14.4.el7.x86_64, with Intel(R) Xeon(R) CPU  
E7450  @ 2.40GHz, with 3781 MB of physical memory, with locale en_US.UTF-8,
with
libpcap version 1.5.3, with Gcrypt 1.5.3, with zlib 1.2.7, binary plugins
supported (0 loaded).

Built using gcc 4.8.5 20150623 (Red Hat 4.8.5-28).
--
Dear Support Team!

It looks like a tshark memory leak has been detected. Please help to localize and
solve the problem.

Tshark behaviour is reproducible with the following test conditions:

1) Red Hat Enterprise Linux Server release 7.5 (Maipo)
Linux 3.10.0-862.14.4.el7.x86_64

2) Traffic flow ~3.19 Mbps, ~1293.61 pps

3) Tshark prints captured packets to stdout which is piped to stdin of another
program.
tshark -q -ni lo -s 0 \
  -f 'ether host xx:xx:xx:xx:xx:xx or ether host xx:xx:xx:xx:xx:xx
      or ether host xx:xx:xx:xx:xx:xx or ether host xx:xx:xx:xx:xx:xx' \
  -Y '((gsm_old.localValue == 2 || gsm_old.localValue == 3 ||
       gsm_old.localValue == 7 || gsm_map.old.Component == 2) &&
      ((sccp.called.digits > 3809 || sccp.called.digits < 3800) ||
       (sccp.calling.digits > 3809 || sccp.calling.digits < 3800)))' \
  -V -T pdml | 

In the end, tshark consumed all RAM and swap, and the OOM killer then killed
tshark & dumpcap.

In the attachment you can find 3 hour CPU and memory consumption graphs.

Best regards,
Sergiy Dryga.


[Wireshark-bugs] [Bug 15228] GSlice assertion failure

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15228

Pascal Quantin  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |WONTFIX
                 CC|                            |pascal.quan...@gmail.com

--- Comment #1 from Pascal Quantin  ---
Hi,

as listed in https://wiki.wireshark.org/Development/LifeCycle, the Wireshark 1.10
branch has been end of life since June 5, 2015.
We strongly encourage you to upgrade your version if you can.

Best regards,
Pascal.


[Wireshark-bugs] [Bug 15228] New: GSlice assertion failure

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15228

Bug ID: 15228
   Summary: GSlice assertion failure
   Product: Wireshark
   Version: unspecified
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: GTK+ UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: j...@wizmail.org
  Target Milestone: ---

Build Information:
wireshark 1.10.14 (Git Rev Unknown from unknown)

Copyright 1998-2015 Gerald Combs  and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.31, with Cairo 1.14.2, with Pango 1.40.4, with
GLib 2.50.3, with libpcap, with libz 1.2.7, with POSIX capabilities (Linux),
without libnl, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.1, without
Python,
with GnuTLS 3.3.24, with Gcrypt 1.5.3, with MIT Kerberos, without GeoIP,
without
PortAudio, with AirPcap.

Running on Linux 3.10.0-862.14.4.el7.x86_64, with locale en_US.utf8, with
libpcap version 1.5.3, with libz 1.2.7, GnuTLS 3.3.26, Gcrypt 1.5.3, without
AirPcap.
Westmere E56xx/L56xx/X56xx (IBRS update)

Built using gcc 4.8.5 20150623 (Red Hat 4.8.5-14).

--
Crash on mouse-movement. Error message to initiating terminal:

 ***MEMORY-ERROR***: wireshark[12648]: GSlice: assertion failed:
sinfo->n_allocated > 0


[Wireshark-bugs] [Bug 14381] cannot find any Mongo Wire Protocol (MONGO) package

2018-10-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14381

--- Comment #5 from Peter Wu  ---
I considered suggesting changing the port number, but there does not seem to be
a dedicated port for TLS traffic:
https://docs.mongodb.com/manual/reference/default-mongodb-port/
https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/
https://docs.mongodb.com/manual/tutorial/configure-ssl/
https://docs.mongodb.com/manual/core/security-transport-encryption/

Two possibilities:

Use ssl_dissector_add(0, mongo_handle) to avoid interpreting the port as TLS by
default.

In order to recognize TLS again and be able to dissect decrypted TLS data,
change dissect_mongo to recognize TLS. If TLS is detected, set the appdata
dissector to mongodb and call the TLS dissector with ssl_starttls_ack(...,
mongo_handle) + call_dissector(tls_handle, ...).

or

change the TLS dissector to reject the data if it does not look like TLS at all
(like Michael did in the above path). One limitation is that it does not help
with dissecting the decrypted data as mongo, for that to work the previous
approach is necessary.

For a quick fix, I suggest just changing mongo to use ssl_dissector_add(0,
mongo_handle). This will regress on bug 14275 in the sense that TLS traffic is
not automatically marked as such, but for decryption more changes were needed
anyway.

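The second possibility in comment 5 above (reject data that does not look like TLS at all) comes down to a header check such as the one below, run on the first bytes seen on port 27017. This is an added example, not Wireshark code and not part of the bug thread; the function names, the 48000000-byte length cap and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum guess { GUESS_UNKNOWN, GUESS_TLS, GUESS_MONGO };

/* TLS record header: type(1) | version(2) | length(2, big-endian). */
static int looks_like_tls(const uint8_t *p, size_t len)
{
    if (len < 5) return 0;
    if (p[0] < 20 || p[0] > 23) return 0;   /* change_cipher_spec .. application_data */
    if (p[1] != 3 || p[2] > 4) return 0;    /* record version 0x0300 .. 0x0304 */
    return ((p[3] << 8) | p[4]) <= 16384 + 2048; /* largest TLS 1.2 ciphertext record */
}

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* MongoDB MsgHeader: messageLength, requestID, responseTo, opCode (int32, little-endian). */
static int looks_like_mongo(const uint8_t *p, size_t len)
{
    if (len < 16) return 0;
    uint32_t msg_len = le32(p), op = le32(p + 12);
    if (msg_len < 16 || msg_len > 48000000u) return 0; /* assumed cap: default max message size */
    return op == 1 || (op >= 2001 && op <= 2007) || (op >= 2010 && op <= 2013);
}

/* Classify the first bytes of a TCP payload; ambiguous or unrecognised data is UNKNOWN. */
enum guess classify_payload(const uint8_t *p, size_t len)
{
    int tls = looks_like_tls(p, len), mongo = looks_like_mongo(p, len);
    if (tls == mongo) return GUESS_UNKNOWN;
    return tls ? GUESS_TLS : GUESS_MONGO;
}

/* Constructed samples: start of a TLS ClientHello record, and an OP_MSG (2013) header. */
static const uint8_t tls_sample[16] = { 0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01,
                                        0xfc, 0x03, 0x03, 0x5b, 0xaa, 0xbb, 0xcc, 0xdd };
static const uint8_t mongo_sample[16] = { 0x3a, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
                                          0x00, 0x00, 0x00, 0x00, 0xdd, 0x07, 0x00, 0x00 };

int main(void)
{
    printf("tls sample   -> %d\n", classify_payload(tls_sample, sizeof tls_sample));
    printf("mongo sample -> %d\n", classify_payload(mongo_sample, sizeof mongo_sample));
    return 0;
}
```

The length field alone is not enough: the TLS sample also parses as a plausible messageLength, and only the opCode check rejects it. As comment 5 notes, a check like this does not help with dissecting decrypted data as mongo.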