[Wireshark-bugs] [Bug 16068] Buildbot crash output: fuzz-2019-09-21-17411.pcap

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16068

Pascal Quantin  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 CC||pas...@wireshark.org
 Resolution|--- |DUPLICATE

--- Comment #1 from Pascal Quantin  ---


*** This bug has been marked as a duplicate of bug 16067 ***

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16067] Buildbot crash output: fuzz-2019-09-21-5503.pcap

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16067

--- Comment #1 from Pascal Quantin  ---
*** Bug 16068 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16067] Buildbot crash output: fuzz-2019-09-21-5503.pcap

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16067

--- Comment #2 from Gerrit Code Review  ---
Change 34590 had a related patch set uploaded by Pascal Quantin:
RRC: do not use a freed wmem_strbuf structure

https://code.wireshark.org/review/34590

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16063] deleting a colum produces a crash

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16063

Tomasz Mon  changed:

   What|Removed |Added

 CC||deso...@gmail.com

--- Comment #1 from Tomasz Mon  ---
Your steps to reproduce do not include how to generate the "Affected Pointcode"
column in the first place. When I open a pcap file, there is no "Affected
Pointcode" column shown. If the crash happens only with specific pcap file, you
might want to attach it to the bug report.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16067] Buildbot crash output: fuzz-2019-09-21-5503.pcap

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16067

--- Comment #3 from Gerrit Code Review  ---
Change 34590 merged by Pascal Quantin:
RRC: do not use a freed wmem_strbuf structure

https://code.wireshark.org/review/34590

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16067] Buildbot crash output: fuzz-2019-09-21-5503.pcap

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16067

Pascal Quantin  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 CC||pas...@wireshark.org
 Status|CONFIRMED   |RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 10305] Tftp dissector does not track conversations correctly. Source file and Destination File redundant or disagree.

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10305

Roman Koshelev  changed:

   What|Removed |Added

 CC||roman.koshe...@bk.ru

--- Comment #6 from Roman Koshelev  ---
(In reply to Evan Beachly from comment #0)
> Created attachment 12922 [details]
> A capture of several TFTP exchanges. Set the TFTP port to 59 in the
> preferences.
> 
> Build Information:
> Version 1.12.0-rc2 (v1.12.0-rc2-0-gfd017ee from master-1.12)
> 
> Copyright 1998-2014 Gerald Combs  and contributors.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> 
> Compiled (32-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0,
> with
> GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with
> c-ares
> 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
> with
> MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 13 2014), with
> AirPcap.
> 
> Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
> 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
> 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
>  Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, with 16264MB of physical
> memory.
> 
> 
> Built using Microsoft Visual C++ 10.0 build 40219
> 
> --
> The Source File and Destination File fields are sometimes redundant or
> disagree.
> 
> For example, in the attached file, see packets 1, 6, 10, 28, and 29. (Make
> sure you set the TFTP port to 59 in the preferences).
> 
> The source file field is supposed to contain the file name during read
> requests. The destination file field is supposed to contain the file name
> during write requests.
> 
> The source/destination field that is flagged as generated should only be
> shown for data packets, not request packets.
> 
> My solution (you may decide to implement something else) was to replace
> lines 369-408 of packet-tftp.c with:
> 
>  /*
>  * The first TFTP packet goes to the TFTP port; the second one
>  * comes from some *other* port, but goes back to the same
>  * IP address and port as the ones from which the first packet
>  * came; all subsequent packets go between those two IP addresses
>  * and ports.
>  *
>  * If this packet went to the TFTP port, we create a new conversation
>  * and set the destination port to a wildcard. That way the subsequent
> packets
>  * can be matched to it.
>  *
>  * If not, we search for a conversation it matches. One might not exist if
> the
>  * user is explicitly dissecting a packet, so just create a new one if that's
>  * the case.
>  */
>  if (value_is_in_range(global_tftp_port_range, pinfo->destport)) {
>  conversation = conversation_new(pinfo->fd->num, >src, >dst,
>  PT_UDP, pinfo->srcport, 0, NO_PORT2);
>  conversation_set_dissector(conversation, tftp_handle);
>  } else {
>  conversation = find_conversation(pinfo->fd->num, >src, >dst,
>  pinfo->ptype, pinfo->srcport,
>  pinfo->destport, 0);
>  if( (conversation == NULL) ||
>  (conversation->dissector_handle != tftp_handle) )
>  {
>  conversation = conversation_new(pinfo->fd->num, >src, >dst, 
>  PT_UDP, pinfo->destport, pinfo->srcport,
>  0);
>  conversation_set_dissector(conversation, tftp_handle);
>  }
>  }

You have attached the ARINC 615A-4 track. Is there a protocol specification? (I
am writing a dissector. There is only 615A-3)

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16065] Crash when opening Go To Packet while redissecting

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16065

--- Comment #2 from Roland Knall  ---
The main underlying issue is, that we query the model inside MainWindow, which
WE ABSOLUTELY SHOULD NEVER NOT NIENTE

But - I am still in the middle of my separation work, and at the pace it is
going, I won't be finished until 3.4. So, this change is the best we can do atm

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16065] Crash when opening Go To Packet while redissecting

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16065

--- Comment #1 from Gerrit Code Review  ---
Change 34591 had a related patch set uploaded by Roland Knall:
Qt: Fix invalid pointer for model

https://code.wireshark.org/review/34591

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16068] New: Buildbot crash output: fuzz-2019-09-21-17411.pcap

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16068

Bug ID: 16068
   Summary: Buildbot crash output: fuzz-2019-09-21-17411.pcap
   Product: Wireshark
   Version: unspecified
  Hardware: x86-64
OS: Ubuntu
Status: CONFIRMED
  Severity: Major
  Priority: High
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: buildbot-do-not-re...@wireshark.org
  Target Milestone: ---

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2019-09-21-17411.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/15990-uaf_wmem_strbuf.pcap

Build host information:
Linux build6 4.15.0-62-generic #69-Ubuntu SMP Wed Sep 4 20:55:53 UTC 2019
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:Ubuntu 18.04.3 LTS
Release:18.04
Codename:   bionic

Buildbot information:
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=5121
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_GOT_REVISION=893a2d9c62e8dcc4fe0f43c47e01743136f55386

Return value:  0

Dissector bug:  0

Valgrind error count:  92



Git commit
commit 893a2d9c62e8dcc4fe0f43c47e01743136f55386
Author: Tomasz Moń 
Date:   Sun Sep 15 11:25:18 2019 +0200

MSVC: Warn about unused formal parameters

Provide _U_ macro definition for Visual Studio.

Change the way _U_ macro is ifdefed for some targets to allow Visual
Studio to recognize it.

Ping-Bug: 15832
Change-Id: Ic7ce145cbe9e8aa751d64c9c09ce8ba6c1bbbd30
Reviewed-on: https://code.wireshark.org/review/34530
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu 
Reviewed-by: Peter Wu 


Command and args: ./tools/valgrind-wireshark.sh -b
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin
 
==7365== Memcheck, a memory error detector
==7365== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==7365== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==7365== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2019-09-21-17411.pcap
==7365== 
==7365== Invalid read of size 8
==7365==at 0x820314C: wmem_strbuf_get_str (wmem_strbuf.c:258)
==7365==by 0x7FA100C: dissect_rrc_PLMN_IdentityWithOptionalMCC_r6
(rrc.cnf:906)
==7365==by 0x7555C66: dissect_per_sequence_of_helper (packet-per.c:568)
==7365==by 0x7557C1C: dissect_per_constrained_sequence_of
(packet-per.c:943)
==7365==by 0x7FBC921:
dissect_rrc_SEQUENCE_SIZE_1_6_OF_PLMN_IdentityWithOptionalMCC_r6
(rrc.cnf:11469)
==7365==by 0x755A7A5: dissect_per_sequence (packet-per.c:1903)
==7365==by 0x7FBC8A4: dissect_rrc_MultiplePLMNsOfIntraFreqCellsList_item
(rrc.cnf:11484)
==7365==by 0x7555C66: dissect_per_sequence_of_helper (packet-per.c:568)
==7365==by 0x7557C1C: dissect_per_constrained_sequence_of
(packet-per.c:943)
==7365==by 0x7FBC7E1: dissect_rrc_MultiplePLMNsOfIntraFreqCellsList
(rrc.cnf:11497)
==7365==by 0x755A7A5: dissect_per_sequence (packet-per.c:1903)
==7365==by 0x7FBC764: dissect_rrc_PLMNIdentitiesOfNeighbourCells_v860ext
(rrc.cnf:11541)
==7365==  Address 0x19376c18 is 8 bytes inside a block of size 40 free'd
==7365==at 0x4C30D3B: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7365==by 0x81FD623: wmem_free (wmem_core.c:65)
==7365==by 0x82000A7: wmem_simple_free (wmem_allocator_simple.c:54)
==7365==by 0x81FD68E: wmem_free (wmem_core.c:75)
==7365==by 0x82031C5: wmem_strbuf_finalize (wmem_strbuf.c:278)
==7365==by 0x7FA0F14: dissect_rrc_PLMN_IdentityWithOptionalMCC_r6
(rrc.cnf:886)
==7365==by 0x7555C66: dissect_per_sequence_of_helper (packet-per.c:568)
==7365==by 0x7557C1C: dissect_per_constrained_sequence_of
(packet-per.c:943)
==7365==by 0x7FBC921:
dissect_rrc_SEQUENCE_SIZE_1_6_OF_PLMN_IdentityWithOptionalMCC_r6
(rrc.cnf:11469)
==7365==by 0x755A7A5: dissect_per_sequence (packet-per.c:1903)
==7365==by 0x7FBC8A4: dissect_rrc_MultiplePLMNsOfIntraFreqCellsList_item
(rrc.cnf:11484)
==7365==by 0x7555C66: dissect_per_sequence_of_helper (packet-per.c:568)
==7365==  Block was alloc'd at
==7365==at 0x4C2FB0F: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7365==by 0xC2FEAB8: g_malloc (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==7365==by 0x81FD523: wmem_alloc (wmem_core.c:35)
==7365==by 0x81FFF89: wmem_simple_alloc (wmem_allocator_simple.c:43)
==7365==by 0x81FD599: wmem_alloc (wmem_core.c:44)
==7365==by 0x8202A37: wmem_strbuf_sized_new (wmem_strbuf.c:59)
==7365==by 0x7FA0E8C: dissect_rrc_PLMN_IdentityWithOptionalMCC_r6

[Wireshark-bugs] [Bug 16069] Analysis TFTP payload. Add payload transfer to heuristic dissector.

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16069

Alexis La Goutte  changed:

   What|Removed |Added

 CC||alexis.lagou...@gmail.com

--- Comment #1 from Alexis La Goutte  ---
you work on this subject ?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16070] S1AP Initial UE Message partial dissecton, Extraneous Data on mobile station classmark 3

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16070

Alexis La Goutte  changed:

   What|Removed |Added

 Ever confirmed|0   |1
 Status|UNCONFIRMED |INCOMPLETE
 CC||alexis.lagou...@gmail.com

--- Comment #1 from Alexis La Goutte  ---
Can you unzip all attachement ? (not really need the screenshot)

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16069] Analysis TFTP payload. Add payload transfer to heuristic dissector.

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16069

--- Comment #2 from Roman Koshelev  ---
(In reply to Alexis La Goutte from comment #1)

Yes. I have written a prototype (for version 2.6.10. repa -
https://github.com/Roman-Koshelev/dummy.git), but not everything in it suits
me. I study dissectors of other protocols for a better understanding of how to
do it right.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16070] S1AP Initial UE Message partial dissecton, Extraneous Data on mobile station classmark 3

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16070

Pascal Quantin  changed:

   What|Removed |Added

 Resolution|--- |NOTABUG
 CC||pas...@wireshark.org
 Status|INCOMPLETE  |RESOLVED

--- Comment #2 from Pascal Quantin  ---
As seen in 3GPP 24.008 chapter 10.5.1.7, Wireshark already decodes all the bits
defined.
Here the UE you use adds an extra byte with zeroes which is not defined in the
specification, triggering the message you see. But there is nothing to fix on
our side.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16059] TLS decryption is very slow on Windows when using a large PMS file compared to linux/macOS

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16059

--- Comment #22 from Gerrit Code Review  ---
Change 34573 merged by Anders Broman:
Win32: Do not reload TLS keylog file on each packet

https://code.wireshark.org/review/34573

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16065] Crash when opening Go To Packet while redissecting

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16065

--- Comment #3 from Gerrit Code Review  ---
Change 34591 merged by Peter Wu:
Qt: Fix invalid pointer for model

https://code.wireshark.org/review/34591

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16070] New: S1AP Initial UE Message partial dissecton, Extraneous Data on mobile station classmark 3

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16070

Bug ID: 16070
   Summary: S1AP Initial UE Message partial dissecton, Extraneous
Data on mobile station classmark 3
   Product: Wireshark
   Version: Git
  Hardware: x86-64
OS: Windows 10
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: h...@radcom.com
  Target Milestone: ---

Created attachment 17344
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17344=edit
zip contains screenshots, pcap and spec.

Build Information:
Version 3.1.0rc0-1309-gd1d0f6d5d14c (v3.1.0rc0-1309-gd1d0f6d5d14c) 
Copyright 1998-2019 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software;
see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.12.4, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.14.0, with brotli, with LZ4, with
Snappy, with libxml2 2.9.9, with QtMultimedia, with AirPcap, with SpeexDSP
(using bundled resampler), with SBC, with SpanDSP, with bcg729. 
Running on 64-bit Windows 10 (1903), build 18362, with Intel(R) Core(TM)
i7-8650U CPU @ 1.90GHz (with SSE4.2), with 16243 MB of physical memory, with
locale English_United States.1252, with light display mode, without HiDPI, with
Npcap version 0.99-r9, based on libpcap version 1.8.1, with GnuTLS 3.6.3, with
Gcrypt 1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (19
loaded). Built using Microsoft Visual Studio 2017 (VC++ 14.16, build 27030). 
--
S1AP Initial UE Message
Nas PDU- mobile station classmark 3
length seems correct however dissector cannot parse all the way.

Extraneous Data, dissector bug or later version spec(report to wireshark.org)

Please see attached screenshots,pcap and spec.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16070] S1AP Initial UE Message partial dissecton, Extraneous Data on mobile station classmark 3

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16070

HenDev  changed:

   What|Removed |Added

   Priority|Low |Medium

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16069] New: Analysis TFTP payload. Add payload transfer to heuristic dissector.

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16069

Bug ID: 16069
   Summary: Analysis TFTP payload. Add payload transfer to
heuristic dissector.
   Product: Wireshark
   Version: unspecified
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: roman.koshe...@bk.ru
  Target Milestone: ---

Build Information:
Wireshark 3.1.1 (v3.1.1rc0-351-g893a2d9c62e8)

Copyright 1998-2019 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18 and PKCS #11 support, with Gcrypt
1.8.1, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, with
brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.4, with
QtMultimedia, with SpeexDSP (using system library), with SBC, with SpanDSP,
without bcg729.

Running on Linux 5.0.0-29-generic, with Intel(R) Core(TM) i7-4720HQ CPU @
2.60GHz (with SSE4.2), with 3942 MB of physical memory, with locale
ru_RU.UTF-8,
with libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with brotli
1.0.4, with zlib 1.2.11, binary plugins supported (0 loaded).

Built using gcc 7.4.0.
--
via TFTP payload, a higher protocol message can be transmitted. Need the
ability to write dissectors for protocols over TFTP

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16059] TLS decryption is very slow on Windows when using a large PMS file compared to linux/macOS

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16059

--- Comment #23 from Gerrit Code Review  ---
Change 34592 had a related patch set uploaded by Tomasz Moń:
Win32: Do not reload TLS keylog file on each packet

https://code.wireshark.org/review/34592

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16065] Crash when opening Go To Packet while redissecting

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16065

Peter Wu  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

--- Comment #4 from Peter Wu  ---
Merged workaround for the bug in master in
v3.1.1rc0-355-gb43177e1f0

(again, master-3.0 is unaffected)

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16059] TLS decryption is very slow on Windows when using a large PMS file compared to linux/macOS

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16059

Peter Wu  changed:

   What|Removed |Added

 CC||patrick.sulliv...@emc.com

--- Comment #26 from Peter Wu  ---
*** Bug 12804 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804

Peter Wu  changed:

   What|Removed |Added

 Resolution|--- |DUPLICATE
 Status|CONFIRMED   |RESOLVED

--- Comment #16 from Peter Wu  ---
The memory usage issue on Windows appears to be solved by the fix for Bug
16059, marking it as duplicate.

*** This bug has been marked as a duplicate of bug 16059 ***

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16059] TLS decryption is very slow on Windows when using a large PMS file compared to linux/macOS

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16059

--- Comment #24 from Gerrit Code Review  ---
Change 34592 merged by Peter Wu:
Win32: Do not reload TLS keylog file on each packet

https://code.wireshark.org/review/34592

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16059] TLS decryption is very slow on Windows when using a large PMS file compared to linux/macOS

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16059

Peter Wu  changed:

   What|Removed |Added

 Status|IN_PROGRESS |RESOLVED
 Resolution|--- |FIXED

--- Comment #25 from Peter Wu  ---
Fixed in
v3.1.1rc0-358-gbd439c9090
v3.0.6rc0-3-ge1442707db

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16063] deleting a colum produces a crash

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16063

Guy Harris  changed:

   What|Removed |Added

   Hardware|x86 |x86-64

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16063] deleting a colum produces a crash

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16063

--- Comment #2 from Guy Harris  ---
Stack trace from the crash report:

0   libqmacstyle.dylib  0x00011b7b4f6a 0x11b7a9000 + 49002
1   org.qt-project.QtWidgets0x000115f8a454 0x115e92000 +
1016916
2   org.qt-project.QtWidgets0x000115f8a99d
QFocusFrame::eventFilter(QObject*, QEvent*) + 125
3   org.qt-project.QtCore   0x000116fa00f4
QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) + 148
4   org.qt-project.QtWidgets0x000115ea26e8
QApplicationPrivate::notify_helper(QObject*, QEvent*) + 248
5   org.qt-project.QtWidgets0x000115ea3b02
QApplication::notify(QObject*, QEvent*) + 594
6   org.qt-project.QtCore   0x000116f9fe44
QCoreApplication::notifyInternal2(QObject*, QEvent*) + 212
7   org.qt-project.QtWidgets0x000115edaca6
QWidgetPrivate::setGeometry_sys(int, int, int, int, bool) + 2230
8   org.qt-project.QtWidgets0x000115edadc4
QWidget::resize(QSize const&) + 116
9   org.wireshark.Wireshark 0x00010f05eb7d
PacketList::applyRecentColumnWidths() + 141
10  org.wireshark.Wireshark 0x00010f05ea95
PacketList::columnsChanged() + 117
11  org.wireshark.Wireshark 0x00010f060d95
PacketList::headerMenuTriggered() + 549
12  org.qt-project.QtCore   0x000116fd109c
QMetaObject::activate(QObject*, int, int, void**) + 3132
13  org.qt-project.QtWidgets0x000115e99195
QAction::activate(QAction::ActionEvent) + 309
14  org.qt-project.QtWidgets0x00011601d1fd 0x115e92000 +
1618429
15  org.qt-project.QtWidgets0x00011601a94e 0x115e92000 +
1608014
16  org.qt-project.QtWidgets0x0001160221c2
QMenu::mouseReleaseEvent(QMouseEvent*) + 690
17  org.qt-project.QtWidgets0x000115ede45d
QWidget::event(QEvent*) + 445
18  org.qt-project.QtWidgets0x0001160228fc
QMenu::event(QEvent*) + 1308
19  org.qt-project.QtWidgets0x000115ea26fd
QApplicationPrivate::notify_helper(QObject*, QEvent*) + 269
20  org.qt-project.QtWidgets0x000115ea5558
QApplication::notify(QObject*, QEvent*) + 7336
21  org.qt-project.QtCore   0x000116f9fe44
QCoreApplication::notifyInternal2(QObject*, QEvent*) + 212
22  org.qt-project.QtWidgets0x000115ea3020
QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*,
QWidget**, QPointer&, bool, bool) + 896
23  org.qt-project.QtWidgets0x000115efdc4a 0x115e92000 + 441418
24  org.qt-project.QtWidgets0x000115efc595 0x115e92000 + 435605
25  org.qt-project.QtWidgets0x000115ea26fd
QApplicationPrivate::notify_helper(QObject*, QEvent*) + 269
26  org.qt-project.QtWidgets0x000115ea3b02
QApplication::notify(QObject*, QEvent*) + 594
27  org.qt-project.QtCore   0x000116f9fe44
QCoreApplication::notifyInternal2(QObject*, QEvent*) + 212
28  org.qt-project.QtGui0x000116894fdc
QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*)
+ 3404
29  org.qt-project.QtGui0x00011687c6ab
QWindowSystemInterface::sendWindowSystemEvents(QFlags)
+ 219
30  libqcocoa.dylib 0x0001192465f0 0x119212000 + 214512
31  libqcocoa.dylib 0x000119246d50 0x119212000 + 216400
32  com.apple.CoreFoundation0x7fff2fc36683
__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
33  com.apple.CoreFoundation0x7fff2fc36629 __CFRunLoopDoSource0
+ 108
34  com.apple.CoreFoundation0x7fff2fc19feb
__CFRunLoopDoSources0 + 195
35  com.apple.CoreFoundation0x7fff2fc195b5 __CFRunLoopRun +
1189
36  com.apple.CoreFoundation0x7fff2fc18ebe CFRunLoopRunSpecific
+ 455
37  com.apple.HIToolbox 0x7fff2ee781ab
RunCurrentEventLoopInMode + 292
38  com.apple.HIToolbox 0x7fff2ee77ded
ReceiveNextEventCommon + 355
39  com.apple.HIToolbox 0x7fff2ee77c76
_BlockUntilNextEventMatchingListInModeWithFilter + 64
40  com.apple.AppKit0x7fff2d21079d _DPSNextEvent + 1135
41  com.apple.AppKit0x7fff2d20f48b
-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
+ 1361
42  com.apple.AppKit0x7fff2d2095a8 -[NSApplication run]
+ 699
43  libqcocoa.dylib 0x000119245ccb 0x119212000 + 212171
44  org.qt-project.QtCore   0x000116f9b50f
QEventLoop::exec(QFlags) + 431
45  org.qt-project.QtCore   0x000116fa0452
QCoreApplication::exec() + 130
46  org.wireshark.Wireshark 0x00010f00b464 main + 3988
47  libdyld.dylib   0x7fff5bb723d5 start + 1

-- 
You are

[Wireshark-bugs] [Bug 16063] deleting a colum produces a crash

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16063

Guy Harris  changed:

   What|Removed |Added

 Ever confirmed|0   |1
 Status|UNCONFIRMED |INCOMPLETE

--- Comment #3 from Guy Harris  ---
(In reply to Tomasz Mon from comment #1)
> Your steps to reproduce do not include how to generate the "Affected
> Pointcode" column in the first place. When I open a pcap file, there is no
> "Affected Pointcode" column shown.

Presumably it's a custom field.  What is the field used for it?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13653] extcap: Several issues when capturing from multiple extcap interfaces

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13653

--- Comment #12 from Gerrit Code Review  ---
Change 34503 merged by Anders Broman:
extcap: Multiple extcap instance support on Windows

https://code.wireshark.org/review/34503

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 10305] Tftp dissector does not track conversations correctly. Source file and Destination File redundant or disagree.

2019-09-22 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10305

--- Comment #7 from Guy Harris  ---
(In reply to Roman Koshelev from comment #6)
> You have attached the ARINC 615A-4 track.

He's attached a capture file containing TFTP traffic; perhaps what's being
transferred are ARINC 615A files.

> Is there a protocol specification?

A Google search for "ARINC 615A-4" finds only a couple of pages, neither of
which appear to have anything to do with any 615A-4 standard.

If you want to ask the person who attached the file, you can click on any of
the "Evan Beachly" links on this page.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe