[Wireshark-bugs] [Bug 13363] "Do you want to save the captured packets...?" [Continue without saving]

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13363

--- Comment #6 from Gerrit Code Review  ---
Change 20485 merged by Stig Bjørlykke:
Qt: Give discard button focus (but not as default)

https://code.wireshark.org/review/20485

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13363] "Do you want to save the captured packets...?" [Continue without saving]

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13363

Gerrit Code Review  changed:

   What|Removed |Added

 Status|IN_PROGRESS |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918

--- Comment #20 from Gerrit Code Review  ---
Change 20498 merged by Michael Mann:
T30: fix parsing broken since ge063924

https://code.wireshark.org/review/20498

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448

--- Comment #31 from Guy Harris  ---
(In reply to Jörg Mayer from comment #28)
> Bug 12075 has a method of reliably triggering a failure in capture. This
> will reliably trigger a crash on macOS that I have seen lots of times while
> working on this bug.
> After confirming the error message the screen returns to the start screen
> and crashes a few seconds later.
> 
> (process:31939): Main-DEBUG: Translator system
> ASAN:DEADLYSIGNAL
> =
> ==31939==ERROR: AddressSanitizer: SEGV on unknown address 0x

NULL pointer dereference.

> (pc
> 0x000112152c00 bp 0x7fff506cea30 sp 0x7fff506ce1b0 T0)
> #0 0x112152bff in wrap_strcmp (libclang_rt.asan_osx_dynamic.dylib+0xdbff)
> #1 0x10fff43de in capture_stats (Wireshark+0x100ac63de)

That would be the strcmp() in

  for (sc_entry = sc->cache_list; sc_entry != NULL; sc_entry =
g_list_next(sc_entry)) {
sc_item = (if_stat_cache_item_t *)sc_entry->data;
if (strcmp(sc_item->name, ifname) == 0) {
  memcpy(ps, _item->ps, sizeof(struct pcap_stat));
  return TRUE;
}
  }

unless the compiler has inlined capture_stat_cache_update(), in which case it
might also be the strcmp() in

  while (sync_pipe_gets_nonblock(sc->stat_fd, stat_line, MAX_STAT_LINE_LEN) >
0) {
g_strstrip(stat_line);
stat_parts = g_strsplit(stat_line, "\t", 3);
if (stat_parts[0] == NULL || stat_parts[1] == NULL ||
  stat_parts[2] == NULL) {
  g_strfreev(stat_parts);
  continue;
}
for (sc_entry = sc->cache_list; sc_entry != NULL; sc_entry =
g_list_next(sc_entry)) {
  sc_item = (if_stat_cache_item_t *)sc_entry->data;
  if (strcmp(sc_item->name, stat_parts[0]) == 0) {
sc_item->ps.ps_recv = (u_int) strtoul(stat_parts[1], NULL, 10);
sc_item->ps.ps_drop = (u_int) strtoul(stat_parts[2], NULL, 10);
  }
}
  g_strfreev(stat_parts);
  }

The first crash would happen if the item's name were null or the inflame passed
in were null.

The second crash would happen if the item's name were null; there's already a
check for whether stat_parts[0] is null before the strcmp().

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448

--- Comment #30 from Guy Harris  ---
(In reply to Jörg Mayer from comment #26)
> No idea whether they should be shown. At least I don't see any IP-Adresses
> for rpcap interfaces on macOS with WS and libpcap head while I do see them
> for local interfaces.

They *should* be shown, but the protocol problem I mentioned means it may not
work with a *BSD/macOS client and any server or a *BSD/macOS server and any
client.  (IPv6 addresses will also have problems even if it's a
Windows/Linux/Solaris/HP-UX client and server, unless they're both running the
same OS.)

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448

--- Comment #29 from Guy Harris  ---
(In reply to Stig Bjørlykke from comment #25)
> I found this in a mail dated Thu, Jun 23, 2011:
> 
> "
> One problem on OSX is the size of the interface address is not equal to the
> one on Solaris/Windows, I think this is because an internal struct is used. 
> This is dissected in dissect_rpcap_ifaddr() in packet-rpcap.c.  This only
> affects listing the addresses on the remote interfaces, and does not affect
> fetching packets.

Yes.

There are two problems with the "fetch remote interfaces" message:

1) It sends a socket address structure over the wire, but, on systems with a
"new BSD"-style socket address structure, the structure begins *not* with a
2-byte address family but with a 1-byte address structure length and a 1-byte
address family (that was done when support for the OSI protocols, with
variable-length network addresses, was added to BSD).  That means that the code
that serializes addresses byte-swaps the 1-byte address family field, which
turns it into 0, and the code that de-serializes it will not do the right thing
if its socket address structures are different from the server's socket address
structures.

2) They send the raw address family value over the wire, but different OSes
have different values for AF_INET6, so if the server and client have different
values for AF_INET6, the IPv6 addresses won't be recognized.

I'm working on a change where

1) the server sends a standard structure over the wire, with a layout
independent of the OS's socket address structure layouts, including a 2-byte
address family field, and always sends the Windows version of AF_INET6;

2) the client checks for a number of address family values, to try to handle
servers that have a 2-byte address family field, big-endian servers that have a
1-byte structure length field and a 1-byte address family field, and
little-endian servers that have a 1-byte structure length field and a 1-byte
address family field, and to handle several different AF_INET6 values.

This means that:

1) the fixed client should work with the fixed server *and* with un-fixed
servers on most OSes (if I can find out what AF_INET6 is on IRIX and Tru64
UNIX, I could handle them as well - currently, it should handle un-fixed
servers on Windows, Linux, *BSD, macOS, AIX, Solaris, and HP-UX);

2) the un-fixed client on Windows should work with the fixed server on all
platforms;

3) the un-fixed client on UN*Xes won't work with the fixed server on any
platform, but it also wouldn't work with the un-fixed server on Windows or most
other UN*Xes, and might not even work with the same UN*X if that UN*X has a
1-byte structure length field and a 1-byte address family field - and the UN*X
client, unlike the Windows client, isn't part of a standard *pcap release, so
the user should be able to build and use the fixed client.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448

--- Comment #28 from Jörg Mayer  ---
Bug 12075 has a method of reliably triggering a failure in capture. This will
reliably trigger a crash on macOS that I have seen lots of times while working
on this bug.
After confirming the error message the screen returns to the start screen and
crashes a few seconds later.

(process:31939): Main-DEBUG: Translator system
ASAN:DEADLYSIGNAL
=
==31939==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc
0x000112152c00 bp 0x7fff506cea30 sp 0x7fff506ce1b0 T0)
#0 0x112152bff in wrap_strcmp (libclang_rt.asan_osx_dynamic.dylib+0xdbff)
#1 0x10fff43de in capture_stats (Wireshark+0x100ac63de)
#2 0x10f7f602e in InterfaceTreeModel::updateStatistic(unsigned int)
(Wireshark+0x1002c802e)
#3 0x10f813994 in InterfaceFrame::updateStatistics()
(Wireshark+0x1002e5994)
#4 0x10ff86cdb in InterfaceFrame::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) (Wireshark+0x100a58cdb)
#5 0x111be02e0 in QMetaObject::activate(QObject*, int, int, void**)
(QtCore+0x21d2e0)
#6 0x111bd931f in QObject::event(QEvent*) (QtCore+0x21631f)

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13476] Fuzzed BGP packet causing divide by zero crash

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13476

Gerrit Code Review  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13476] Fuzzed BGP packet causing divide by zero crash

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13476

--- Comment #2 from Gerrit Code Review  ---
Change 20499 merged by Michael Mann:
bgp: Avoid divide by zero

https://code.wireshark.org/review/20499

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12075] Error while trying to run remote capture - bind address already in use (code 98)

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12075

Jörg Mayer  changed:

   What|Removed |Added

 Status|INCOMPLETE  |CONFIRMED

--- Comment #7 from Jörg Mayer  ---
Reproduced, this time reliably on macOS. It will also reliably crash afterwards
on macOS (but most likely not on Windows). Tracking the crash will be done as
part of bug 13448.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13348] Fuzzed PCAP causes large memory usage in dissect_wsp

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348

--- Comment #7 from Gerrit Code Review  ---
Change 20500 had a related patch set uploaded by Balint Reczey:
wsp: Sanity check capability length

https://code.wireshark.org/review/20500

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 10267] Connection to RPCAP daemon for fetching interface capabilities is always attempted with null authentication

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10267

Jörg Mayer  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 10267] Connection to RPCAP daemon for fetching interface capabilities is always attempted with null authentication

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10267

--- Comment #2 from Jörg Mayer  ---
Just tested on macOS with latest git of Wireshark and libpcap: Problem does not
occur, even after listing the interfaces and starting and stopping two capture
sessions. Closing. If the problem should still be present with a current
Wireshark (>=2.2.5) on your system, please reopen the bug and update the
information in the bug's header.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 11011] Please add an option "Use monitor mode on all 802.11 interfaces"

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11011

Peter Wu  changed:

   What|Removed |Added

 CC||pe...@lekensteyn.nl

--- Comment #2 from Peter Wu  ---
This behavior can currently (at least with Wireshark 2.0, 2.2 and 2.3.x) be
enabled with:

wireshark -I

This option enables monitor mode on all interfaces that support it (this is at
least documented in the wireshark(1) manual, I did not actually test it).

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12255] capture filter text disappears when adapter selection is changed

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12255

Peter Wu  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||pe...@lekensteyn.nl
 Resolution|--- |DUPLICATE

--- Comment #1 from Peter Wu  ---
The suggested change is the same as bug 12636, marking as duplicate.

*** This bug has been marked as a duplicate of bug 12636 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12636] Selecting an interface can clear the capture filter

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12636

Peter Wu  changed:

   What|Removed |Added

 CC||raysat...@yahoo.com

--- Comment #2 from Peter Wu  ---
*** Bug 12255 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13476] Fuzzed BGP packet causing divide by zero crash

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13476

--- Comment #1 from Gerrit Code Review  ---
Change 20499 had a related patch set uploaded by Stig Bjørlykke:
bgp: Avoid divide by zero

https://code.wireshark.org/review/20499

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13478] New: Fuzzed netscaler file causes infinite loop in nstrace_set_start_time_v20

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478

Bug ID: 13478
   Summary: Fuzzed netscaler file causes infinite loop in
nstrace_set_start_time_v20
   Product: Wireshark
   Version: Git
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: otto.air...@gmail.com

Created attachment 15331
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15331=edit
PCAP causing issue

Build Information:
TShark (Wireshark) 2.3.0 (v2.3.0rc0-2662-g7119b66)
Built using gcc 5.4.0 20160609.
--
Fuzzed PCAP goes to infinite loop on tshark 2.0.2 and a resent build from
repository (commit 7119b6691f318efa90bfe42a98d1b812dac183b5)

GDB backtrace from 'tshark -2 -V -r ' Interrupted after a while:

Program received signal SIGINT, Interrupt.
0x77b563f8 in nstrace_set_start_time_v20 (wth=0xab6590, wth=0xab6590)
at netscaler.c:900
900nstrace_set_start_time_ver(20)
(gdb) bt
#0  0x77b563f8 in nstrace_set_start_time_v20 (wth=0xab6590,
wth=0xab6590) at netscaler.c:900
#1  0x77b56e9f in nstrace_set_start_time (wth=0xab6590) at
netscaler.c:918
#2  nstrace_open (wth=0xab6590, err=0x7fffdf18, err_info=0x7fffd638) at
netscaler.c:767
#3  0x77b439f1 in wtap_open_offline (filename=filename@entry=0xab6ef0
"netscaler_busyloop.pcap", type=type@entry=0, err=err@entry=0x7fffdf18,
err_info=err_info@entry=0x7fffd638,
do_random=) at file_access.c:1047
#4  0x0041820d in cf_open (cf=cf@entry=0x643060 , fname=0xab6ef0
"netscaler_busyloop.pcap", type=0, is_tempfile=is_tempfile@entry=0,
err=err@entry=0x7fffdf18) at tshark.c:4118
#5  0x0040e914 in main (argc=, argv=) at
tshark.c:2027
(gdb)

Credit goes to: Otto Airamo and Antti Levomäki, Forcepoint

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13477] New: Fuzzed UDP packet causes large memory usage

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477

Bug ID: 13477
   Summary: Fuzzed UDP packet causes large memory usage
   Product: Wireshark
   Version: Git
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: otto.air...@gmail.com

Created attachment 15330
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15330=edit
PCAP causing issue

Build Information:
TShark (Wireshark) 2.3.0 (v2.3.0rc0-2662-g7119b66)
Built using gcc 5.4.0 20160609.
--
Fuzzed PCAP containing singe UDP packet uses all the memory on tshark 2.0.2 and
a resent build from repository (commit
7119b6691f318efa90bfe42a98d1b812dac183b5)

Example GDB backtrace from 'tshark -r ' Interrupted after using 4GB of
memory:

Program received signal SIGINT, Interrupt.
0x74b0368a in parse_wbxml_attribute_list_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=154,
str_tbl=str_tbl@entry=4, level=,
codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at
packet-wbxml.c:7078
7078if ((peek & 0x3F) < 5) switch (peek) { /* Global tokens
(gdb) bt
#0  0x74b0368a in parse_wbxml_attribute_list_defined
(tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28,
offset=offset@entry=154,
str_tbl=str_tbl@entry=4, level=,
codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at
packet-wbxml.c:7078
#1  0x74b046a2 in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=153,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7562
#2  0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=114,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#3  0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=113,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#4  0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=112,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#5  0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=111,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#6  0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=110,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#7  0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=109,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#8  0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=108,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#9  0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=107,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#10 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=106,
str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021",
codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "",
map=0x764a8760 ) at packet-wbxml.c:7534
#11 0x74b0433d in parse_wbxml_tag_defined 

[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918

--- Comment #19 from Gerrit Code Review  ---
Change 20498 had a related patch set uploaded by Michael Mann:
T30: fix parsing broken since ge063924

https://code.wireshark.org/review/20498

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918

Gerrit Code Review  changed:

   What|Removed |Added

 Status|IN_PROGRESS |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918

--- Comment #18 from Gerrit Code Review  ---
Change 20497 had a related patch set uploaded by Michael Mann:
T30: fix parsing broken since ge063924

https://code.wireshark.org/review/20497

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918

--- Comment #17 from Gerrit Code Review  ---
Change 20423 merged by Michael Mann:
T30: fix parsing broken since ge063924

https://code.wireshark.org/review/20423

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13347] Fuzzed PCAP causes large memory usage in dissect_rtmpt

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13347

--- Comment #8 from Gerrit Code Review  ---
Change 20490 merged by Balint Reczey:
rtmpt: Ensure sequence count is incremented for stored fragments

https://code.wireshark.org/review/20490

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448

--- Comment #27 from Jörg Mayer  ---
Just checked: Looks the same on Windows

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448

--- Comment #26 from Jörg Mayer  ---
No idea whether they should be shown. At least I don't see any IP-Adresses for
rpcap interfaces on macOS with WS and libpcap head while I do see them for
local interfaces.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13469] TShark does not display QUIC information while Wireshark does

[bugzilla-daemon]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13469

--- Comment #5 from Alexis La Goutte  ---
(In reply to Jonmejoy Das Choudhury from comment #4)
> (In reply to Guy Harris from comment #2)
> > In at least one capture QUIC capture file, with frames containing a CID,
> > 2.2.5 on macOS printed the CID.
> > 
> > We'd probably be able to diagnose the problem faster if we could see a
> > capture that shows this problem.
> 
> I've now attached the pcap. Please let me know if the problem could be
> reproduced. Thanks

With 2.3.x, no issue for me (it is recommended to use last nighty build if you
want to analyse QUIC protocol)
The protocol move QUICky and not all enhance is backport to older wireshark
branch

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe