from:"bugzilla\-daemon"

[Wireshark-bugs] [Bug 16447] Wireshark not passing correct options to sshdump in macOS

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16447

--- Comment #8 from Rodrigo Ventura  ---
The buttons are indeed there and I entirely missed them - my bad.

The password is lost and one has to retype it, which is understandable for
security reasons.

However, wireshark hangs in this situation:
1- start sshdump
2- stop
3- restart (toolbar button)
4- gives an error (which is ok)
5- wireshark goes back to the welcome screen
6- double click on the sshdump

I think it should give the same error as (4), but instead, it hangs.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] New: IPv6 Extension Headers not high not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

Bug ID: 16455
   Summary: IPv6 Extension Headers not high not highlighted in
Packet Byte Pane
   Product: Wireshark
   Version: 3.2.0
  Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
  Severity: Minor
  Priority: Low
 Component: Qt UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: leut...@netsniffing.ch
  Target Milestone: ---

Created attachment 17684
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17684&action=edit
IPv6 trace file with Fragmentation Extension header

Build Information:
3.2.1 (v3.2.1-0-gbf38a67724d0)

Compiled (64-bit) with Qt 5.12.6, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with AirPcap,
with SpeexDSP (using bundled resampler), with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 10 (1809), build 17763, with Intel(R) Core(TM)
i7-4700MQ CPU @ 2.40GHz (with SSE4.2), with 16068 MB of physical memory, with
locale German_Switzerland.1252, with light display mode, with mixed DPI, with
Npcap version 0.9986, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with
Gcrypt 1.8.3, with brotli 1.0.2, with AirPcap 4.1.3 build 3348, binary plugins
supported (19 loaded).

Built using Microsoft Visual Studio 2019 (VC++ 14.24, build 28315).

--
If you select an IPv6 header (with extensions) in the (collapsed) Packet
Details, only the IPv6 Base header (40 Bytes) is marked in the Packet Bytes
pane. The bytes for the Extension header are not marked, but are belonging to
the IPv6 header. (8 Bytes in the enclosed example).
Only if you specifically select the Fragment header, the 8 Bytes are marked
correctly in the Packet Byte pane.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

leut...@netsniffing.ch  changed:

   What|Removed |Added

Summary|IPv6 Extension Headers not  |IPv6 Extension Headers not
   |high not highlighted in |highlighted in Packet Byte
   |Packet Byte Pane|Pane

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #1 from leut...@netsniffing.ch  ---
Created attachment 17685
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17685&action=edit
Screenshot 1

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #2 from leut...@netsniffing.ch  ---
Created attachment 17686
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17686&action=edit
Screenshot 2

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

leut...@netsniffing.ch  changed:

   What|Removed |Added

 CC||leut...@netsniffing.ch

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

Alexis La Goutte  changed:

   What|Removed |Added

 CC||alexis.lagou...@gmail.com,
   ||joao.valverde@tecnico.ulisb
   ||oa.pt

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

leut...@netsniffing.ch  changed:

   What|Removed |Added

  Attachment #17685|0   |1
is obsolete||

--- Comment #3 from leut...@netsniffing.ch  ---
Created attachment 17687
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17687&action=edit
Screenshot 1

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #4 from Christopher Maynard  ---
(In reply to leut...@netsniffing.ch from comment #0)
> If you select an IPv6 header (with extensions) in the (collapsed) Packet
> Details, only the IPv6 Base header (40 Bytes) is marked in the Packet Bytes
> pane. The bytes for the Extension header are not marked, but are belonging
> to the IPv6 header. (8 Bytes in the enclosed example).
> Only if you specifically select the Fragment header, the 8 Bytes are marked
> correctly in the Packet Byte pane.

While it might seem like the extension headers should be counted as part of the
IPv6 header, that doesn't seem to be how RFC 8200 defines things, which I think
explains why Wireshark is implemented the way it is.

>From https://tools.ietf.org/html/rfc8200#page-6:

  Payload Length  16-bit unsigned integer.  Length of the IPv6
  payload, i.e., the rest of the packet
  following this IPv6 header, in octets.  (Note
  that any extension headers (see Section 4)
  present are considered part of the payload,
  i.e., included in the length count.)

That said, I do think it makes sense to highlight all the bytes of the IPv6
header including extensions when selecting the IPv6 layer.  That would
hopefully also adjust the "Protocol Hierarchy Statistics" (PHS) to include the
IPv6 extensions bytes as part of IPv6.  Looking at the attached capture file,
currently only 80 bytes are indicated in the IPv6 PHS, whereas 96 bytes should
be.  Those 16 bytes are actually completely unaccounted for in the PHS.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

João Valverde  changed:

   What|Removed |Added

 Ever confirmed|0   |1
 Status|UNCONFIRMED |CONFIRMED

--- Comment #5 from João Valverde  ---
I agree that with the preference set to display extension headers under the
IPv6 protocol tree (not my preferred option but it is the default and shown
here), those bytes should be highlighted when the IPv6 layer is selected.

I will take a look at the code.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16456] New: SNMP MIB Data Not Fully Decoded

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16456

Bug ID: 16456
   Summary: SNMP MIB Data Not Fully Decoded
   Product: Wireshark
   Version: 3.2.2
  Hardware: x86-64
OS: Windows 8.1
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: mtle...@yahoo.com
  Target Milestone: ---

Created attachment 17688
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17688&action=edit
libsmi rebuilt with MSVC2017

Build Information:
Version 3.2.2 (v3.2.2-0-ga3efece3d640) 
Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software; see the
source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.12.6, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729. 
Running on 64-bit Windows 8.1, build 9600, with Intel(R) Core(TM) i5-6600 CPU @
3.30GHz (with SSE4.2), with 16270 MB of physical memory, with locale
English_United States.1252, with light display mode, without HiDPI, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.6.3, with Gcrypt 1.8.3, with
brotli 1.0.2, without AirPcap, binary plugins supported (19 loaded). Built
using Microsoft Visual Studio 2019 (VC++ 14.24, build 28316). 
Wireshark is Open Source Software released under the GNU General Public
License. 
--
SNMP MIB data is not being fully decoded for a named-number enumeration. I
#defined DEBUG_OIDS in oids.h and determined there is a problem with data
returned from libsmi-2.dll when the MIB file is loaded. Specifically the
nodekind in the SmiNode struct is not set which results in the MIB OID not
being fully registered so the decode shows only an integer value instead of the
named enumeration.

This appears to be a day one issue with libsmi-2.dll as I found Bug 7580 which
describes the same problem I am seeing. I found the source code for libsmi
0.4.8 at https://www.ibr.cs.tu-bs.de/projects/libsmi/download/. I rebuilt the
dll with MSVC2017 and that has fixed the issue.

Can rebuilt versions of libsmi-2.dll get incorporated into the wireshark 3.2.x
build? I've attached the following:
1) Screenshots of decoded MIB with named-number enumeration not working with
the existing libsmi-2.dll and then working with the rebuilt libsmi-2.dll.
2) zip file with libsmi 0.4.8 source and the 32 and 64 bit dll's that I tested
with. The only changes I made were to config and makefiles in the win
directory. The libsmi source is unchanged.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16456] SNMP MIB Data Not Fully Decoded

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16456

--- Comment #1 from Tim L  ---
Created attachment 17689
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17689&action=edit
MIB decode with existing libsmi

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16456] SNMP MIB Data Not Fully Decoded

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16456

--- Comment #2 from Tim L  ---
Created attachment 17690
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17690&action=edit
MIB decode with rebuilt libsmi

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16454] RFC8613 OSCORE - COAP Option Number 9 is reported as unknown. Option Number 21 is accepted as OSCORE Option, in contradiction to RFC8613.

2020-03-23 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16454

Guy Harris  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|CONFIRMED   |RESOLVED

--- Comment #2 from Guy Harris  ---
Backported to the 3.2 branch in https://code.wireshark.org/review/35163, so
this should be fixed in 3.2.3.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16456] SNMP MIB Data Not Fully Decoded

2020-03-24 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16456

Jaap Keuter  changed:

   What|Removed |Added

  Component|Dissection engine   |Build process
   |(libwireshark)  |

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] New: tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

Bug ID: 16457
   Summary: tshark logs: "...could not be opened: Too many open
files."
   Product: Wireshark
   Version: 3.2.2
  Hardware: x86-64
OS: SuSE
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: TShark
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: rei...@dfn-cert.de
  Target Milestone: ---

Build Information:
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.2.2 (Git commit a3efece3d640)

Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.54.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.15.0-20200117,
with Lua 5.1.5, with GnuTLS 3.6.7 and PKCS #11 support, with Gcrypt 1.8.2, with
MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with
LZ4, without Zstandard, with Snappy, with libxml2 2.9.7.

Running on Linux 4.12.14-lp151.28.40-default, with Common KVM processor, with
x MB of physical memory, with locale de_DE.UTF-8, with libpcap version
1.8.1, with GnuTLS 3.6.7, with Gcrypt 1.8.2, with brotli 1.0.2, with zlib
1.2.11, binary plugins supported (0 loaded).

Built using gcc 7.5.0.

--
I am using tshark like this:

$ tshark -i  -C Export -F libpcap -Tek -x -f "ip and dst net
a.b.c.d/xx and not src net a.b.c.d/xx" -b duration:60 -w
/path/to/store/pcaps/filename.pcap > /dev/null

Every minute it starts opening a new file for storing the new captured packets.
It runs as a systemd service. After an update to version 3.2.2 on 23/03/2020,
the service logs one type of error and stops running tshark. The logs look like
this:

Mär 24 06:22:01  .sh[1694]: tshark: The file
"/usr/share/wireshark/hosts" could not be opened: Too many open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file
"/root/.config/wireshark/profiles/Export/hosts" could not be opened: Too many
open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file
"/root/.config/wireshark/profiles/Export/subnets" could not be opened: Too many
open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file
"/root/.config/wireshark/subnets" could not be opened: Too many open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file
"/usr/share/wireshark/subnets" could not be opened: Too many open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file
"/root/.config/wireshark/profiles/Export/ss7pcs" could not be opened: Too many
open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file
"/usr/share/wireshark/hosts" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file
"/root/.config/wireshark/profiles/Export/hosts" could not be opened: Too many
open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file
"/root/.config/wireshark/profiles/Export/subnets" could not be opened: Too many
open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file
"/root/.config/wireshark/subnets" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file
"/usr/share/wireshark/subnets" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file
"/root/.config/wireshark/profiles/Export/ss7pcs" could not be opened: Too many
open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file
"/path/to/store/pcaps/filename_01020_20200324062302.pcap" could not be opened:
Too many open files.
Mär 24 06:23:02  .sh[1694]: 3742475 packets
captured

After it saves the pcap file and creates a new one, another systemd service
moves the closed file to another directory: /path/to/another/dir/for/pcaps/

If I run:

$ ls -l /proc/$(ps -C tshark -o pid= | tr -d " ")/fd

I can see, that tshark is still pointing to the captured files which were moved
by the other service:

...
lr-x-- 1 root root 64 25. Mär 10:05 6 ->
/path/to/another/dir/for/pcaps/filename_2_20200325100424.pcap   
lr-x-- 1 root root 64 25. Mär 10:06 7 ->
/path/to/another/dir/for/pcaps/filename_3_20200325100524.pcap   
lr-x-- 1 root root 64 25. Mär 10:07 8 ->
/path/to/another/dir/for/pcaps/filename_4_20200325100624.pcap   
lr-x-- 1 root root 64 25. Mär 10:08 9 ->
/path/to/another/dir/for/pcaps/filename_5_20200325100724.pcap   
...

The system allows 1024 open files for each process: 

$ ulimit -a | grep "open files"
open files  (-n) 1024

So, after around 17 hours, the service is stopped, because tshark is pointing
to 1024 opened files. Before I updated to the new version, this did not happen.

-- 
You are receiving this mail because:
You are watching all bug changes.__

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #1 from fabian  ---
The older version of tshark where this error does not occur was:

TShark (Wireshark) 2.4.16 (v2.4.16)

If I run:

$ ls -l /proc/$(ps -C tshark -o pid= | tr -d " ")/fd

I get some files and sockets, but only one pcap file at a time which is opened
or used by tshark.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

Dario Lombardo  changed:

   What|Removed |Added

 CC||pe...@lekensteyn.nl

--- Comment #2 from Dario Lombardo  ---
I definitely need some inspiration here... Peter, any idea?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #6 from leut...@netsniffing.ch  ---
B.t.w. If  you select frame one in the enclosed file, the highlight works
correct and markes all 48 bytes! (See Screenshot 3)

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #7 from leut...@netsniffing.ch  ---
Created attachment 17691
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17691&action=edit
Screenshot 3

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

Peter Wu  changed:

   What|Removed |Added

 CC||mikael.kanst...@gmail.com

--- Comment #3 from Peter Wu  ---
There have recently been changes by Mikael to the 802.11 decryption
functionality, perhaps those are related. Both tests run with Libgcrypt 1.8.1
so that should be recent enough.

It somehow passes on master again,
Build Ubuntu 189 failed:
https://github.com/crondaemon/wireshark/actions/runs/62237995
Build Ubuntu 190 passed:
https://github.com/crondaemon/wireshark/actions/runs/62854146

There are only three commits in that range, none of them seem relevant:
eb439e89f1..5fbe2e4df8

Maybe there is some uninitialized memory, or name resolution going on?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14660] Create color rule from Filter

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14660

David Perry  changed:

   What|Removed |Added

 CC||boolean...@gmail.com

--- Comment #5 from David Perry  ---
Created attachment 17692
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17692&action=edit
Partial implementation/UI prototype

I thought this bug might help me learn more about the UI side of Wireshark.
I've learned a lot, but not enough to make a complete fix. Still, here's a
partial patch, in case someone more skilled wants to take it from here.

Clicking the "+" next to the display filter box opens the accordion for adding
a filter button as before, but it now offers the UI to allow a user to add a
color filter instead. (I'll add a screenshot.) The buttons for selecting colors
work, and the button for viewing the coloring rules will add the currently
entered filter spec (if any) to the top of the list for the user to edit.

Where it needs work:
* If you open the coloring rules window from this area, it doesn't update the
packet list with any color changes you make.
* I'd like for it to add a color to the coloring rules without having to open
the coloring dialog, but I can't figure out how to make it do that.
* I have more to learn about Qt and Qt Creator. When I moved the "Comment"
field into the tabbed interface, it lost its auto-stretch ability and I haven't
learned enough to get it back yet.

Some of the UI code I added to ui/qt/filter_expression_frame.cpp was adapted
from ui/qt/coloring_rules_dialog.cpp

If it matters, this was developed/tested on Windows 10.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14660] Create color rule from Filter

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14660

--- Comment #6 from David Perry  ---
Created attachment 17693
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17693&action=edit
Screenshot showing the proposed UI changes

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #4 from Dario Lombardo  ---
Well, I didn't notice it's working again. That makes the search much more
difficult. I'll try with ASAN, I may be lucky with some memory issue.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #5 from Mikael Kanstrup  ---
This one was tricky. The error either means decryption failed or that tshark
for some other reason cannot parse ARP properly. I've executed the tests
successfully locally before uploading my patches but I for the latest patch
about MFP I didn't run valgrind. Possibly for some of the other ones too so
maybe there's something ASAN can find.

I'll try running some tests with valgrind.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #6 from Mikael Kanstrup  ---
Valgrind unfortunately did not complain. Tried the following with proper
80211_keys configured:

valgrind --tool=memcheck --leak-check=full  ./run/tshark -r
../wireshark/test/captures/owe.pcapng.gz -Y "wlan.analysis.tk ==
10f3deccc00d5c8f629fba7a0fff34aa || wlan.analysis.gtk ==
016b04ae9e6050bcc1f940dda92b" | grep "Who has 192.168.5.2"

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #7 from Dario Lombardo  ---
ASAN didn't complain as well with your command.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #8 from Jaap Keuter  ---
(In reply to leut...@netsniffing.ch from comment #6)
> B.t.w. If  you select frame one in the enclosed file, the highlight works
> correct and markes all 48 bytes! (See Screenshot 3)

This only happens if you switch off 'Reassemble fragmented IPv6 datagrams'.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #8 from Mikael Kanstrup  ---
Not sure if you saw already but first I didn't. In the failing log there are a
bunch of tests failing. Most of them are decryption tests but there are other
failing tests too.

== 33 failed, 517 passed, 20 skipped, 6 warnings in 87.60s (0:01:27)
===

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #9 from Dario Lombardo  ---
(In reply to Mikael Kanstrup from comment #8)
> Not sure if you saw already but first I didn't. In the failing log there are
> a bunch of tests failing. Most of them are decryption tests but there are
> other failing tests too.
> 
> == 33 failed, 517 passed, 20 skipped, 6 warnings in 87.60s (0:01:27)
> ===

I checked and they all come from decryption suite.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #10 from Peter Wu  ---
You could try to diff the full build logs for both builds, perhaps it is a bug
in the compiler or one of the other Ubuntu packages?

@Mikael it may be worth setting WIRESHARK_CONFIG_DIR=/x or HOME=/x before
running valgrind. This ensures that the test is executed with an empty
configuration profile. That may or may not have side-effects that affect the
result.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #2 from Guy Harris  ---
(In reply to fabian from comment #0)
> I can see, that tshark is still pointing to the captured files which were
> moved by the other service:

Yes, TShark simply should not have to have anywhere near 1024 files open; this
is a file descriptor leak.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

Guy Harris  changed:

   What|Removed |Added

 Ever confirmed|0   |1
 Status|UNCONFIRMED |CONFIRMED
   Hardware|x86-64  |All
 OS|SuSE|All

--- Comment #3 from Guy Harris  ---
Reproduced on macOS 10.15.4 with 3.2.2 (v3.2.2-0-ga3efece3d640) and

tshark -i en0 -T ek -b duration:60 -w /tmp/gonein60seconds.pcapng
>/dev/null

It has to produce *some* text output, otherwise it doesn't even bother opening
the files to which dumpcap is writing.  -T text would probably work as well.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #4 from Gerrit Code Review  ---
Change 36580 had a related patch set uploaded by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36580

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #6 from Gerrit Code Review  ---
Change 36581 had a related patch set uploaded by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36581

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #5 from Gerrit Code Review  ---
Change 36580 merged by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36580

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #7 from Gerrit Code Review  ---
Change 36581 merged by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36581

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

Guy Harris  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

--- Comment #10 from Guy Harris  ---
Checked into the master, 3.2, and 3.0 branches, so it should be in the next
3.2.x and 3.0.x releases.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #9 from Gerrit Code Review  ---
Change 36582 merged by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36582

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #8 from Gerrit Code Review  ---
Change 36582 had a related patch set uploaded by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36582

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13597] Adding or removing columns causes scrollbar havoc.

2020-03-25 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13597

Dylan  changed:

   What|Removed |Added

 Ever confirmed|0   |1
 Status|UNCONFIRMED |CONFIRMED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16458] New: Read of uninitialized memory in detect_camins_file

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16458

Bug ID: 16458
   Summary: Read of uninitialized memory in detect_camins_file
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: fabien.lheur...@trust-in-soft.com
  Target Milestone: ---

Created attachment 17694
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17694&action=edit
This pcap file was generated by AFL and should allow to reproduce the issue

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

The analysis of wireshark was performed in the following environment:

- --
Platform  Ubuntu Linux 18.04
Tool  TrustInSoft Analyzer, a formal static analyzer
Input Files   Fuzzing of 10 000 pcap file using AFL
Verification  Analysis of `process_cap_file` with the AFL corpus
- --

 --- -- 
Wiresharkversion v2.6.16rc0  git commit dcd65a4012 
https://github.com/wireshark/wireshark.git
glib version 2.62.6  git commit eb0f73a39  
https://github.com/GNOME/glib.git
libgcryptversion 1.8.5   git commit ada758e3   
https://github.com/gpg/libgcrypt.git
libgpg-error version 1.37git commit 85b5006
https://github.com/gpg/libgpg-error.git
libpcap  version 1.9.1   git commit 1547215c   
https://github.com/the-tcpdump-group/libpcap.git
pcre version 8.43-RC1git commit 10e4adb
https://github.com/svn2github/pcre.git
pcre2version 10.10   git commit a677f5b
https://github.com/luvit/pcre2.git
zlib version 10.10   git commit a677f5b
https://github.com/madler/zlib.git
 --- -- 

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Uninitialized Variable in *detect_camins_file*

In the function `detect_camins_file`, the variable `err` may be
uninitialized in the evaluation of the conditional statement `err ==
WTAP_ERR_SHORT_READ` when `wtap_read_bytes` returns a value different
from `0` but did not write into `err`.

File: wireshark/wiretap/camins.c

```c
while (wtap_read_bytes(fh, block, sizeof(block), &err, &err_info)) {
if (err == WTAP_ERR_SHORT_READ)
break;
```

Indeed, in the function `wtap_read_bytes`, if the condition
`bytes_read < 0 || (guint)bytes_read != count` is false, `err` remains
uninitialized.

File: wireshark/wiretap/wtap.c

```c
gboolean
wtap_read_bytes(FILE_T fh, void *buf, unsigned int count, int *err,
gchar **err_info)
{
int bytes_read;

bytes_read = file_read(buf, count, fh);
if (bytes_read < 0 || (guint)bytes_read != count) {
*err = file_error(fh, err_info);
if (*err == 0)
*err = WTAP_ERR_SHORT_READ;
return FALSE;
}
return TRUE;
}
```

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16459] New: Read of uninitialized memory in lanalyzer_read_trace_record

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16459

Bug ID: 16459
   Summary: Read of uninitialized memory in
lanalyzer_read_trace_record
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: fabien.lheur...@trust-in-soft.com
  Target Milestone: ---

Created attachment 17695
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17695&action=edit
This pcap file was generated by AFL and should allow to reproduce the issue

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

The analysis of wireshark was performed in the following environment:

- --
Platform  Ubuntu Linux 18.04
Tool  TrustInSoft Analyzer, a formal static analyzer
Input Files   Fuzzing of 10 000 pcap file using AFL
Verification  Analysis of `process_cap_file` with the AFL corpus
- --

 --- -- 
Wiresharkversion v2.6.16rc0  git commit dcd65a4012 
https://github.com/wireshark/wireshark.git
glib version 2.62.6  git commit eb0f73a39  
https://github.com/GNOME/glib.git
libgcryptversion 1.8.5   git commit ada758e3   
https://github.com/gpg/libgcrypt.git
libgpg-error version 1.37git commit 85b5006
https://github.com/gpg/libgpg-error.git
libpcap  version 1.9.1   git commit 1547215c   
https://github.com/the-tcpdump-group/libpcap.git
pcre version 8.43-RC1git commit 10e4adb
https://github.com/svn2github/pcre.git
pcre2version 10.10   git commit a677f5b
https://github.com/luvit/pcre2.git
zlib version 10.10   git commit a677f5b
https://github.com/madler/zlib.git
 --- -- 

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Uninitialized Variable in *lanalyzer_read_trace_record*

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

In the function `lanalyzer_read_trace_record`, the field
`lanalyzer->start` may be uninitialized in the evaluation of `tsecs +
lanalyzer->start`.

File: wireshark/wiretap/lanalyzer.c

```c
lanalyzer = (lanalyzer_t *)wth->priv;
rec->ts.secs = tsecs + lanalyzer->start;
```

Indeed, the field `wth->priv` points to another variable `lanalyzer`
allocated in the function `lanalyzer_open` but remained uninitialized.

File: wireshark/wiretap/lanalyzer.c

```c
lanalyzer = (lanalyzer_t *)g_malloc(sizeof(lanalyzer_t));
wth->priv = (void *)lanalyzer;
```

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16460] New: Read of uninitialized memory in pntoh16

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16460

Bug ID: 16460
   Summary: Read of uninitialized memory in pntoh16
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: fabien.lheur...@trust-in-soft.com
  Target Milestone: ---

Created attachment 17696
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17696&action=edit
This pcap file was generated by AFL and should allow to reproduce the issue

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

The analysis of wireshark was performed in the following environment:

- --
Platform  Ubuntu Linux 18.04
Tool  TrustInSoft Analyzer, a formal static analyzer
Input Files   Fuzzing of 10 000 pcap file using AFL
Verification  Analysis of `process_cap_file` with the AFL corpus
- --

 --- -- 
Wiresharkversion v2.6.16rc0  git commit dcd65a4012 
https://github.com/wireshark/wireshark.git
glib version 2.62.6  git commit eb0f73a39  
https://github.com/GNOME/glib.git
libgcryptversion 1.8.5   git commit ada758e3   
https://github.com/gpg/libgcrypt.git
libgpg-error version 1.37git commit 85b5006
https://github.com/gpg/libgpg-error.git
libpcap  version 1.9.1   git commit 1547215c   
https://github.com/the-tcpdump-group/libpcap.git
pcre version 8.43-RC1git commit 10e4adb
https://github.com/svn2github/pcre.git
pcre2version 10.10   git commit a677f5b
https://github.com/luvit/pcre2.git
zlib version 10.10   git commit a677f5b
https://github.com/madler/zlib.git
 --- -- 

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Uninitialized Variable in *pntoh16*

In the function `pntoh16`, either the memory location `(guint8 const
*)p+0` or `(guint8 const *)p+1` may be uninitialized.

File: wireshark/wsutil/pint.h

```c
static inline guint16 pntoh16(const void *p)
{
return (guint16)*((const guint8 *)(p)+0)<<8|
   (guint16)*((const guint8 *)(p)+1)<<0;
}
```

In one of the cases, the variable `p` is pointing to an offset of
a global variable of type `char [32768]` that was allocated in the
function `vwr_process_rec_data`. Its content is written by the
function `wtap_read_bytes` and, after this call, the buffer is
uninitialized starting from the offset `88`.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16461] New: Read of uninitialized memory in find_signature

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16461

Bug ID: 16461
   Summary: Read of uninitialized memory in find_signature
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: fabien.lheur...@trust-in-soft.com
  Target Milestone: ---

Created attachment 17697
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17697&action=edit
This pcap file was generated by AFL and should allow to reproduce the issue

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

The analysis of wireshark was performed in the following environment:

- --
Platform  Ubuntu Linux 18.04
Tool  TrustInSoft Analyzer, a formal static analyzer
Input Files   Fuzzing of 10 000 pcap file using AFL
Verification  Analysis of `process_cap_file` with the AFL corpus
- --

 --- -- 
Wiresharkversion v2.6.16rc0  git commit dcd65a4012 
https://github.com/wireshark/wireshark.git
glib version 2.62.6  git commit eb0f73a39  
https://github.com/GNOME/glib.git
libgcryptversion 1.8.5   git commit ada758e3   
https://github.com/gpg/libgcrypt.git
libgpg-error version 1.37git commit 85b5006
https://github.com/gpg/libgpg-error.git
libpcap  version 1.9.1   git commit 1547215c   
https://github.com/the-tcpdump-group/libpcap.git
pcre version 8.43-RC1git commit 10e4adb
https://github.com/svn2github/pcre.git
pcre2version 10.10   git commit a677f5b
https://github.com/luvit/pcre2.git
zlib version 10.10   git commit a677f5b
https://github.com/madler/zlib.git
 --- -- 

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Uninitialized Variable in *find_signature*

In the function `find_signature`, the variable `m_ptr[pay_off]` where
`pay_off` is equal to `56` may be pointing to uninitialized data.

File: wireshark/wiretap/vwr.c

```c
if (m_ptr[pay_off] == 0xdd)/* if magic byte is present */
return pay_off;
```

The variable `m_ptr` is pointing to an offset of a global variable of
type `char [32768]` that was allocated in the function
`vwr_process_rec_data`. Its content is written by the function
`wtap_read_bytes` and, after this call, the buffer is uninitialized
starting from the offset `52`.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16462] New: Signed Overflow in nstime_delta

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16462

Bug ID: 16462
   Summary: Signed Overflow in nstime_delta
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: fabien.lheur...@trust-in-soft.com
  Target Milestone: ---

Created attachment 17698
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17698&action=edit
This pcap file was generated by AFL and should allow to reproduce the issue

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

The analysis of wireshark was performed in the following environment:

- --
Platform  Ubuntu Linux 18.04
Tool  TrustInSoft Analyzer, a formal static analyzer
Input Files   Fuzzing of 10 000 pcap file using AFL
Verification  Analysis of `process_cap_file` with the AFL corpus
- --

 --- -- 
Wiresharkversion v2.6.16rc0  git commit dcd65a4012 
https://github.com/wireshark/wireshark.git
glib version 2.62.6  git commit eb0f73a39  
https://github.com/GNOME/glib.git
libgcryptversion 1.8.5   git commit ada758e3   
https://github.com/gpg/libgcrypt.git
libgpg-error version 1.37git commit 85b5006
https://github.com/gpg/libgpg-error.git
libpcap  version 1.9.1   git commit 1547215c   
https://github.com/the-tcpdump-group/libpcap.git
pcre version 8.43-RC1git commit 10e4adb
https://github.com/svn2github/pcre.git
pcre2version 10.10   git commit a677f5b
https://github.com/luvit/pcre2.git
zlib version 10.10   git commit a677f5b
https://github.com/madler/zlib.git
 --- -- 

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Signed Overflow in *nstime_delta*

In the function `nstime_delta`, there is signed overflow in the
computation of `b->nsecs - a->nsecs` when, for example, `b->nsecs` is
equal to `954436808` and `a->nsecs` is equal to `-2013266920`.

File wireshark/wsutil/nstime.c

```c
} else if (b->secs < a->secs) {
/* The seconds part of b is less than the seconds part of a, so b is
   before a.

   Both the "seconds" and "nanoseconds" value of the delta
   should have the same sign, so if the difference between the
   nanoseconds values would be *positive*, subtract 1,000,000,000
   from it, and add one to the seconds value. */
delta->secs = b->secs - a->secs;
delta->nsecs = b->nsecs - a->nsecs;
```

There is another signed overflow in the computation of `b->nsecs -
a->nsecs` when, for example, `b->nsecs` is equal to `234881023` and
`a->nsecs` is equal to `2147483661`.

File: wireshark/wsutil/nstime.c

```c
} else {
delta->secs = b->secs - a->secs;
delta->nsecs = b->nsecs - a->nsecs;
```

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16463] New: Signed Overflow in nstime_cmp

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16463

Bug ID: 16463
   Summary: Signed Overflow in *nstime_cmp*
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: fabien.lheur...@trust-in-soft.com
  Target Milestone: ---

Created attachment 17699
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17699&action=edit
This pcap file was generated by AFL and should allow to reproduce the issue

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

The analysis of wireshark was performed in the following environment:

- --
Platform  Ubuntu Linux 18.04
Tool  TrustInSoft Analyzer, a formal static analyzer
Input Files   Fuzzing of 10 000 pcap file using AFL
Verification  Analysis of `process_cap_file` with the AFL corpus
- --

 --- -- 
Wiresharkversion v2.6.16rc0  git commit dcd65a4012 
https://github.com/wireshark/wireshark.git
glib version 2.62.6  git commit eb0f73a39  
https://github.com/GNOME/glib.git
libgcryptversion 1.8.5   git commit ada758e3   
https://github.com/gpg/libgcrypt.git
libgpg-error version 1.37git commit 85b5006
https://github.com/gpg/libgpg-error.git
libpcap  version 1.9.1   git commit 1547215c   
https://github.com/the-tcpdump-group/libpcap.git
pcre version 8.43-RC1git commit 10e4adb
https://github.com/svn2github/pcre.git
pcre2version 10.10   git commit a677f5b
https://github.com/luvit/pcre2.git
zlib version 10.10   git commit a677f5b
https://github.com/madler/zlib.git
 --- -- 

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Signed Overflow in *nstime_cmp*

In the function `nstime_cmp`, there is a signed overflow in the
computation of `return (int) (a->secs - b->secs);` when, for
example, `a->secs` is equal to `1197148356256573` and `b->secs` is
equal to `-9222174888498519412`.

File: wireshark/wsutil/nstime.c

```c
if (a->secs == b->secs) {
return a->nsecs - b->nsecs;
} else {
return (int) (a->secs - b->secs);
}
```

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16464] New: Signed Overflow in peekclassic_read_packet_v7

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16464

Bug ID: 16464
   Summary: Signed Overflow in peekclassic_read_packet_v7
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: fabien.lheur...@trust-in-soft.com
  Target Milestone: ---

Created attachment 17700
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17700&action=edit
This pcap file was generated by AFL and should allow to reproduce the issue

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

The analysis of wireshark was performed in the following environment:

- --
Platform  Ubuntu Linux 18.04
Tool  TrustInSoft Analyzer, a formal static analyzer
Input Files   Fuzzing of 10 000 pcap file using AFL
Verification  Analysis of `process_cap_file` with the AFL corpus
- --

 --- -- 
Wiresharkversion v2.6.16rc0  git commit dcd65a4012 
https://github.com/wireshark/wireshark.git
glib version 2.62.6  git commit eb0f73a39  
https://github.com/GNOME/glib.git
libgcryptversion 1.8.5   git commit ada758e3   
https://github.com/gpg/libgcrypt.git
libgpg-error version 1.37git commit 85b5006
https://github.com/gpg/libgpg-error.git
libpcap  version 1.9.1   git commit 1547215c   
https://github.com/the-tcpdump-group/libpcap.git
pcre version 8.43-RC1git commit 10e4adb
https://github.com/svn2github/pcre.git
pcre2version 10.10   git commit a677f5b
https://github.com/luvit/pcre2.git
zlib version 10.10   git commit a677f5b
https://github.com/madler/zlib.git
 --- -- 

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Signed Overflow in *peekclassic_read_packet_v7*

In the function `peekclassic_read_packet_v7`, there is a signed
overflow in the computation of `tsecs*100` when, for example,
`tsecs` is equal to `12973661848816`.

File: wireshark/wiretap/peekclassic.c

```c
tsecs = (time_t) (timestamp/100);
tusecs = (guint32) (timestamp - tsecs*100);
```

In the previous statement, there is an implicit conversion in
`timestamp / (guint64)100` because `timestamp` has the type
`guint64`, on the contrary to the statement where the overflow
happens, `tsecs` is of type `time_t` which is signed.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #11 from fabian  ---
Thanks for this fast fix :-)

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16465] New: Signed Overflow in ber_open

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16465

Bug ID: 16465
   Summary: Signed Overflow in ber_open
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: fabien.lheur...@trust-in-soft.com
  Target Milestone: ---

Created attachment 17701
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17701&action=edit
This pcap file was generated by AFL and should allow to reproduce the issue

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal
static analyzer for C and C++.*

*The result is part of a larger security assessment performed by
TrustInSoft for* ***Naval Group***.

The analysis of wireshark was performed in the following environment:

- --
Platform  Ubuntu Linux 18.04
Tool  TrustInSoft Analyzer, a formal static analyzer
Input Files   Fuzzing of 10 000 pcap file using AFL
Verification  Analysis of `process_cap_file` with the AFL corpus
- --

 --- -- 
Wiresharkversion v2.6.16rc0  git commit dcd65a4012 
https://github.com/wireshark/wireshark.git
glib version 2.62.6  git commit eb0f73a39  
https://github.com/GNOME/glib.git
libgcryptversion 1.8.5   git commit ada758e3   
https://github.com/gpg/libgcrypt.git
libgpg-error version 1.37git commit 85b5006
https://github.com/gpg/libgpg-error.git
libpcap  version 1.9.1   git commit 1547215c   
https://github.com/the-tcpdump-group/libpcap.git
pcre version 8.43-RC1git commit 10e4adb
https://github.com/svn2github/pcre.git
pcre2version 10.10   git commit a677f5b
https://github.com/luvit/pcre2.git
zlib version 10.10   git commit a677f5b
https://github.com/madler/zlib.git
 --- -- 

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Signed Overflow in *ber_open*

In the function `ber_open`, there is a signed overflow in the
computation of `len<<8` when, for example, `len` is equal to
`12825271`.

File: wireshark/wiretap/ber.c

```c
while(i--) {
  oct = bytes[offset++];
  len = (len<<8) + oct;
}
```

Indeed, the values of `bytes` are:

```
bytes[0] ∈ {162}
 [1] ∈ {132}
 [2] ∈ {255}
 [3] ∈ {13}
 [4..5] ∈ {255}
 [6] ∈ {132}
 [7] ∈ {255}
```

Thus, on the 4th iteration of the loop, `len` is equal to `16715263`,
and when shifted by `8`, there is a signed overflow.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #11 from Mikael Kanstrup  ---
(In reply to Peter Wu from comment #10)
> @Mikael it may be worth setting WIRESHARK_CONFIG_DIR=/x or HOME=/x before
> running valgrind. This ensures that the test is executed with an empty
> configuration profile. That may or may not have side-effects that affect the
> result.

Thanks, now I've tried that as well. Both with and without 80211_keys copied to
the new directory. Valgrind is still happy so seems not related to memory
issues. I tried bisecting around some of these commits but was not able to
reproduce anything.


> (In reply to Dario Lombardo from comment #9)
> > a bunch of tests failing. Most of them are decryption tests but there are
> > other failing tests too.
> I checked and they all come from decryption suite.

These failures, are they really related to decryption? 

FAILED
suite_nameres.py::case_name_resolution::test_name_resolution_net_t_ext_f_hosts_f_custom
FAILED
suite_nameres.py::case_name_resolution::test_name_resolution_net_t_ext_f_hosts_f_personal
FAILED
suite_nameres.py::case_name_resolution::test_name_resolution_net_t_ext_f_hosts_t_custom
FAILED
suite_nameres.py::case_name_resolution::test_name_resolution_net_t_ext_f_hosts_t_personal

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #12 from Dario Lombardo  ---
No they don't look so. But I haven't seen them in the test log I checked. Which
CI are you looking at?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #13 from Mikael Kanstrup  ---
(In reply to Dario Lombardo from comment #12)
> No they don't look so. But I haven't seen them in the test log I checked.
> Which CI are you looking at?

The one Peter shared. Build 189:
https://github.com/crondaemon/wireshark/actions/runs/62237995

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13569] RTP PLAYER enhancement Pause , resume and ability to move playback , increase ICON legend

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13569

Chuck Craft  changed:

   What|Removed |Added

 CC||bubbas...@gmail.com

--- Comment #1 from Chuck Craft  ---
Duplicate of or related to
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13512 ?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16466] New: LBMSRS packet upload for review

2020-03-26 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16466

Bug ID: 16466
   Summary: LBMSRS packet upload for review
   Product: Wireshark
   Version: unspecified
  Hardware: x86-64
OS: Windows 10
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: indrane...@gmail.com
  Target Milestone: ---

Created attachment 17702
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17702&action=edit
LBMSRS Capture file

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
This is with reference to the change
https://code.wireshark.org/review/#/c/36558/
Uploading the relevant capture files as asked by the reviewers.

TCP Port 21610 is the LBMSRS port.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13845] Progress bar not displayed in RTP audio stream playback when 'Time of Day' check box selected

2020-03-28 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13845

Mitch Claborn  changed:

   What|Removed |Added

 CC||mi...@mmhatch.com

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13845] Progress bar not displayed in RTP audio stream playback when 'Time of Day' check box selected

2020-03-28 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13845

--- Comment #1 from Mitch Claborn  ---
This is a problem in 3.2.2

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16153] Window size scaling factor when set from Preferences

2020-03-28 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16153

--- Comment #1 from Gerrit Code Review  ---
Change 36610 had a related patch set uploaded by Martin Mathieson:
When using preference for window scaling, show same way as signalled.

https://code.wireshark.org/review/36610

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16462] Signed Overflow in nstime_delta

2020-03-28 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16462

Martin Mathieson  changed:

   What|Removed |Added

 CC||ghar...@sonic.net,
   ||martin.r.mathieson@googlema
   ||il.com

--- Comment #1 from Martin Mathieson  ---
I'm not really sure why nsecs is a signed value?

/** data structure to hold time values with nanosecond resolution*/
typedef struct {
time_t  secs;
int nsecs;
} nstime_t;

Later on in nstime_delta() this property is temporarily used - I am guessing
maybe to simplify the function, but also to avoid the need to do an expensive %
NS_PER_S operation? The output 'delta' is normalised (to a +ve nsecs) before
the function exits.


I am guessing that it just wouldn't be appropriate/valid for an incoming time
to have a -ve nsecs value though?

Adding Guy Harris, who is likely aware of the history of this type..

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16153] Window size scaling factor when set from Preferences

2020-03-29 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16153

--- Comment #2 from Gerrit Code Review  ---
Change 36610 merged by Martin Mathieson:
When using preference for window scaling, show same way as signalled.

https://code.wireshark.org/review/36610

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on Ubuntu with GitHub actions

2020-03-29 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

Peter Wu  changed:

   What|Removed |Added

 Resolution|--- |WORKSFORME
Summary|Decryption tests fail on|Decryption tests fail on
   |ubuntu  |Ubuntu with GitHub actions
  Component|Extras  |Build process
 Status|UNCONFIRMED |RESOLVED

--- Comment #14 from Peter Wu  ---
I compared the logs, but could not find anything that hints to the root cause.
The same Debian package versions appear to be installed. Maybe there was some
other issue such as a full disk, a temporary directory name collision or other
environment-specific issue.

In any case, I don't think it is worth spending more time on this as this can
no longer be reproduced.

For reference, this is the full list of failures from that particular build:
FAILED suite_decryption.py::case_decrypt_80211::test_80211_owe -
AssertionErr...
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa2_psk_mfp -
Ass...
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa3_suite_b_192
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa_eap -
Assertio...
FAILED
suite_decryption.py::case_decrypt_80211::test_80211_wpa_extended_key_id_rekey
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa_gcmp_256 -
Ass...
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa_psk_mfp -
Asse...
FAILED suite_decryption.py::case_decrypt_dtls::test_dtls_rsa -
AssertionError...
FAILED suite_decryption.py::case_decrypt_tls::test_tls_rsa_with_password -
As...
FAILED suite_decryption.py::case_decrypt_ansi_c1222::test_ansi_c1222 -
Assert...
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa1_gtk_rekey -
A...
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa3_personal -
As...
FAILED suite_decryption.py::case_decrypt_ipsec::test_ipsec_esp -
AssertionErr...
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev1_simultaneous
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa_ccmp_256 -
Ass...
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev2_3des_sha160
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev2_aes128_ccm12_2
FAILED
suite_decryption.py::case_decrypt_80211::test_80211_wpa_eapol_incomplete_rekeys
FAILED
suite_decryption.py::case_decrypt_ike_isakmp::test_ikev2_aes256cbc_sha256
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa_gcmp -
Asserti...
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev2_aes256gcm16
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa_psk -
Assertio...
FAILED suite_decryption.py::case_decrypt_80211::test_80211_wpa_tdls -
Asserti...
FAILED suite_decryption.py::case_decrypt_tls::test_tls_rsa - AssertionError:
...
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev1_certs -
Asser...
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev1_unencrypted
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev2_aes128_ccm12
FAILED
suite_decryption.py::case_decrypt_ike_isakmp::test_ikev2_aes192ctr_sha512
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev2_aes256ccm16
FAILED suite_decryption.py::case_decrypt_ike_isakmp::test_ikev2_aes256gcm8 -
...
FAILED
suite_nameres.py::case_name_resolution::test_name_resolution_net_t_ext_f_hosts_f_custom
FAILED
suite_nameres.py::case_name_resolution::test_name_resolution_net_t_ext_f_hosts_f_personal
FAILED
suite_nameres.py::case_name_resolution::test_name_resolution_net_t_ext_f_hosts_t_custom
FAILED
suite_nameres.py::case_name_resolution::test_name_resolution_net_t_ext_f_hosts_t_personal
== 34 failed, 517 passed, 20 skipped, 8 warnings in 85.82s (0:01:25)
===

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16453] Decryption tests fail on Ubuntu with GitHub actions

2020-03-29 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #15 from Dario Lombardo  ---
I ended up to the same conclusion. Something their side. I was waiting for a
"sentiment timeout" before closing this bug.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16467] New: Documentation - ${parameter} overloading of Display Filter Macro syntax

2020-03-29 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16467

Bug ID: 16467
   Summary: Documentation -  ${parameter} overloading of Display
Filter Macro syntax
   Product: Wireshark
   Version: unspecified
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Enhancement
  Priority: Low
 Component: Documentation
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: bubbas...@gmail.com
  Target Milestone: ---

Created attachment 17703
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17703&action=edit
Display filter expression - tcp.stream==${tcp.stream}

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
(Attached screenshot from @synbit presentation for Core-IT 2020)

Also seen here:
https://www.cellstream.com/reference-reading/tipsandtricks/353-wireshark-display-filter-macros

Macro Name  Purpose Macro Filter Syntax  
Display FilterSyntax to call the Macro
n/a Find all packets in the TCP stream of the current selected packet  
tcp.stream == ${tcp.stream} n/a

Looks a lot like this so appreciate the syntax:
https://www.tldp.org/LDP/abs/html/parameter-substitution.html

But then it looks like this also:
https://www.wireshark.org/docs/wsug_html_chunked/ChDisplayFilterMacrosSection.html

Nothing here to indicate its a valid syntax:
https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html#_comparing_values

What is this syntax and where should it be documented?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16463] Signed Overflow in nstime_cmp

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16463

Martin Mathieson  changed:

   What|Removed |Added

 CC||martin.r.mathieson@googlema
   ||il.com

--- Comment #1 from Martin Mathieson  ---
See my comment for the related 16463.  I believe it may be an undocumented
invariant for both nstime_cmp() and nstime_delta() that for absolute times
(such as those passed into both of these functions), secs and nsecs should be
positive values.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16343] Wrong "clock drift" and "freq drift" in "RTP stream analysis" window

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16343

Martin Mathieson  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 CC||martin.r.mathieson@googlema
   ||il.com
 Status|UNCONFIRMED |RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15841] Scaling Factor preference is used even when TCP handshake does not support Window Scaling

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15841

Martin Mathieson  changed:

   What|Removed |Added

 CC||martin.r.mathieson@googlema
   ||il.com

--- Comment #1 from Martin Mathieson  ---
Jeffrey, could you please provide a capture file with those TCP options so I
can reproduce and fix?

Thanks,
Martin

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16415] Support for IEEE 802.11 60GHz Information Element

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16415

Peter Wu  changed:

   What|Removed |Added

  Comment #3 is|1   |0
private||
  Group|private |

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16426] Support for new 802.11ad-2012 DMG fixed parameters

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16426

Peter Wu  changed:

   What|Removed |Added

  Comment #4 is|1   |0
private||
 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED
  Group|private |

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16468] New: f5ethtrailer can't find trailer when short frame contains padding

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16468

Bug ID: 16468
   Summary: f5ethtrailer can't find trailer when short frame
contains padding
   Product: Wireshark
   Version: 3.2.2
  Hardware: x86
OS: macOS 10.14
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: kryojen...@gmail.com
  Target Milestone: ---

Created attachment 17704
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17704&action=edit
Short pcap file with short frames.  The padding an trailers are the important
parts.  The conted of the ethernet payload is crafted.

Build Information:
$ tshark -v
TShark (Wireshark) 3.2.2 (v3.2.2-0-ga3efece3d640)

Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, with GLib 2.37.6,
with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with
GnuTLS 3.4.17, with Gcrypt 1.8.5, with MIT Kerberos, with MaxMind DB resolver,
with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with
libxml2 2.9.9.

Running on Mac OS X 10.15.4, build 19E266 (Darwin 19.4.0), with Intel(R)
Core(TM) i7-7920HQ CPU @ 3.10GHz (with SSE4.2), with 16384 MB of physical
memory, with locale en_US.UTF-8, with libpcap version 1.9.1, with GnuTLS
3.4.17,
with Gcrypt 1.8.5, with brotli 1.0.7, with zlib 1.2.11, binary plugins
supported
(0 loaded).

Built using clang 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.33.16).
--
The f5ethtrailer is unable to find it's trailers on frames that are shorter
that 64 bytes since the ethernet (by default) trailer will consume the first
bytes of the trailer for padding which include the signature and important
f5ethtrailer fields.

The setting is:
eth.assume_padding: TRUE

With the default setting you can see it cant find the trailer on frames 1,2,3.
$ tshark -r short-frames.pcap
1   0.00  00:00:00_00:00:00 → 00:00:00_00:00:00 FILEINFO 214 tcpdump
-vni 0.0 --f5 n -w /shared/tmp/short-frames.pcap udp and host 10.1.163.30 or
10.2.63.146
2   5.505595 4093  10.1.63.144 → 10.1.163.30  DNS 156 [Malformed Packet]
3   5.505803 4094 VMware_86:fd:1e → BroadcastARP 153 Who has
10.2.63.146? Tell 10.2.63.68
4   5.506243 4094 VMware_86:4a:91 → VMware_86:fd:1e ARP 171 IN  s1/tmm0 :
10.2.63.146 is at 00:50:56:86:4a:91
5   5.506266 4094  10.1.63.144 → 10.2.63.146  DNS 171 [Malformed Packet]

With the setting set to FALSE it is able to find it's trailers and update the
INFO column

$ tshark -o eth.assume_padding:FALSE -r short-frames.pcap
1   0.00  00:00:00_00:00:00 → 00:00:00_00:00:00 FILEINFO 214 tcpdump
-vni 0.0 --f5 n -w /shared/tmp/short-frames.pcap udp and host 10.1.163.30 or
10.2.63.146
2   5.505595 4093  10.1.63.144 → 10.1.163.30  DNS 156 IN  s1/tmm0 :
[Malformed Packet]
3   5.505803 4094 VMware_86:fd:1e → BroadcastARP 153 OUT s1/tmm0 : Who
has 10.2.63.146? Tell 10.2.63.68
4   5.506243 4094 VMware_86:4a:91 → VMware_86:fd:1e ARP 171 IN  s1/tmm0 :
10.2.63.146 is at 00:50:56:86:4a:91
5   5.506266 4094  10.1.63.144 → 10.2.63.146  DNS 171 OUT s1/tmm0 :
[Malformed Packet]

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16468] f5ethtrailer can't find trailer when short frame contains padding

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16468

--- Comment #1 from Jason Cohen  ---
More specific output related to the fields in question:

$ tshark -r short-frames.pcap -T fields -e eth.padding -e eth.trailer -e
f5ethtrailer.trailer_magic

f5deb0f5006b0001000100
f5deb0f5006b000100010001000c
0xf5deb0f5
f5deb0f5007a0001000100

$ tshark -o eth.assume_padding:FALSE -r short-frames.pcap -T fields -e
eth.padding -e eth.trailer -e f5ethtrailer.trailer_magic

0xf5deb0f5
0xf5deb0f5
0xf5deb0f5
0xf5deb0f5

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15841] Scaling Factor preference is used even when TCP handshake does not support Window Scaling

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15841

--- Comment #2 from Gerrit Code Review  ---
Change 36637 had a related patch set uploaded by Martin Mathieson:
TCP: Don't scale calculated window size using preference if no scaling
signalled.

https://code.wireshark.org/review/36637

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15959] TCP Calculated Window Size is incorrect when no window scaling -2 is used, scale factor from preferences is used

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15959

--- Comment #1 from Gerrit Code Review  ---
Change 36637 had a related patch set uploaded by Martin Mathieson:
TCP: Don't scale calculated window size using preference if no scaling
signalled.

https://code.wireshark.org/review/36637

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16468] f5ethtrailer can't find trailer when short frame contains padding

2020-03-30 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16468

Peter Wu  changed:

   What|Removed |Added

 CC||pe...@lekensteyn.nl,
   ||s...@euronet.nl
 Status|UNCONFIRMED |CONFIRMED
 Ever confirmed|0   |1

--- Comment #2 from Peter Wu  ---
The assumption of Ethernet padding being present for short packets was added in
2011 by Sake in commit efd2ce4116f944184e2588fcf382cfb828d4ddda.

Is there any way to make this work out-of-the-box? For example, if eth.padding
is always zeroes, and the assumed "padding" is not zeroes, we could assume it
is part of the trailer. Would that work with your captures Sake?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16375] [oss-fuzz] Direct-leak in g_malloc (dissect_dhcpopt_sip_servers)

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16375

--- Comment #1 from Gerrit Code Review  ---
Change 36640 had a related patch set uploaded by Yannan:
[WIP] Fuzz test memory leak fix, partial

https://code.wireshark.org/review/36640

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15841] Scaling Factor preference is used even when TCP handshake does not support Window Scaling

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15841

--- Comment #3 from Gerrit Code Review  ---
Change 36637 merged by Martin Mathieson:
TCP: Don't scale calculated window size using preference if no scaling
signalled

https://code.wireshark.org/review/36637

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15959] TCP Calculated Window Size is incorrect when no window scaling -2 is used, scale factor from preferences is used

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15959

--- Comment #2 from Gerrit Code Review  ---
Change 36637 merged by Martin Mathieson:
TCP: Don't scale calculated window size using preference if no scaling
signalled

https://code.wireshark.org/review/36637

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16469] New: ieee80211: Dissection of Beacon Measurement request/report not complete

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16469

Bug ID: 16469
   Summary: ieee80211: Dissection of  Beacon Measurement
request/report not complete
   Product: Wireshark
   Version: 3.2.2
  Hardware: x86
OS: All
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: cedric.izo...@ceva-dsp.com
  Target Milestone: ---

Created attachment 17705
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17705&action=edit
example of beacon request/report

Build Information:
Compiled (64-bit) with Qt 5.12.6, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729.
--
With IEEE P802.11-REVmd/D0.4 new sub elements have been defined for beacon
radio measurement request/report.

For beacon measurement request, unknown sub element are correctly skipped (with
a warning).
For beacon report is not the case and their payload is treated as the next sub
element causing parsing error.

Note that I intend to push a patch to correct those issues.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15959] TCP Calculated Window Size is incorrect when no window scaling -2 is used, scale factor from preferences is used

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15959

Martin Mathieson  changed:

   What|Removed |Added

 CC||martin.r.mathieson@googlema
   ||il.com
 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15841] Scaling Factor preference is used even when TCP handshake does not support Window Scaling

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15841

Martin Mathieson  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|UNCONFIRMED |RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16469] ieee80211: Dissection of Beacon Measurement request/report not complete

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16469

Alexis La Goutte  changed:

   What|Removed |Added

 Status|UNCONFIRMED |IN_PROGRESS
 CC||alexis.lagou...@gmail.com
 Ever confirmed|0   |1

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16470] New: The IEEE 802.3br frame preemption dissector is confused by unrelated packets

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16470

Bug ID: 16470
   Summary: The IEEE 802.3br frame preemption dissector is
confused by unrelated packets
   Product: Wireshark
   Version: 2.6.10
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Minor
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: levente.mesza...@gmail.com
  Target Milestone: ---

Created attachment 17706
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17706&action=edit
PCAPng trace file

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Packets #112 and #116 are two outgoing fragments of the same frame. Packet #115
is the express frame that preempted the normal frame. Packets #113 and #114 are
two incoming frames on the same interface. The dissector fails to understand
the preemption correctly, because it gets confused by the two incoming frames.
If you hit Ctrl-D on #113 and #114, then the dissector correctly decodes the
fragmented frames.

See the attahced trace file.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16470] The IEEE 802.3br frame preemption dissector is confused by unrelated packets

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16470

--- Comment #1 from levente.mesza...@gmail.com ---
I've just checked Wireshark 3.2.2 and it has the same problem.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16471] New: Add support for dissecting ScyllaDB RPC protocol

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16471

Bug ID: 16471
   Summary: Add support for dissecting ScyllaDB RPC protocol
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Enhancement
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: sa...@scylladb.com
  Target Milestone: ---

Created attachment 17707
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17707&action=edit
ScyllaDB protocol sample pcap

Build Information:
Wireshark 3.3.0 (v3.3.0rc0-885-g2c2d6fdc864a)

Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.14.1, with libpcap, with POSIX capabilities
(Linux),
with libnl 3, with GLib 2.64.1, with zlib 1.2.11, without SMI, with c-ares
1.16.0, with Lua 5.2.4, with GnuTLS 3.6.12 and PKCS #11 support, with Gcrypt
1.8.5, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.40.0, with
brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.10, with
QtMultimedia, without automatic updates, with SpeexDSP (using system library).

Running on Linux 5.3.0-rc7-1-gbc9383eff6e1-dirty, with Intel(R) Core(TM)
i7-7700HQ CPU @ 2.80GHz (with SSE4.2), with 31958 MB of physical memory, with
locale en_US.UTF-8, with libpcap version 1.9.1 (with TPACKET_V3), with GnuTLS
3.6.12, with Gcrypt 1.8.5, with brotli 1.0.7, with zlib 1.2.11, binary plugins
supported (0 loaded).

Built using gcc 9.3.0.
--
ScyllaDB (www.scylladb.com) is a No-SQL database serving multiple
client protocols (e.g. CQL) - however, as of today, wireshark is not able to
dissect its internal, inter-node RPC protocol, used by
the nodes to communicate with each other - share data, gossip
the cluster state, update the schemas, etc.

An initial dissector is implemented and pushed here:
https://code.wireshark.org/review/#/c/36633/ , and one of the review requests
was to create a corresponding bug tracker issue.
This dissector implements only a shallow dissection of most packets,
i.e. recognizing the packet type. Two requests with deeper dissection
are MUTATION and READ_DATA, used by I/O operations in the database.

Attached: sample pcap gathered by spawning a local 2-node ScyllaDB cluster and
performing sample I/O operations on the database.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16469] ieee80211: Dissection of Beacon Measurement request/report not complete

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16469

--- Comment #1 from Gerrit Code Review  ---
Change 36643 had a related patch set uploaded by cedric izoard:
ieee80211: Beacon Radio Measurement request/report update

https://code.wireshark.org/review/36643

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16472] New: Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-03-31 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

Bug ID: 16472
   Summary: Typo in About Wireshark > Keyboard Shortcuts >
Unignore All Displayed
   Product: Wireshark
   Version: 3.2.2
  Hardware: x86
OS: macOS 10.15
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Qt UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: felix...@gmail.com
  Target Milestone: ---

Created attachment 17708
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17708&action=edit
screenshot from About Wireshark > Keyboard Shortcuts.

Build Information:
3.2.2 (v3.2.2-0-ga3efece3d640)

Compiled (64-bit) with Qt 5.12.6, with libpcap, without POSIX capabilities,
with
GLib 2.37.6, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua
5.2.4, with GnuTLS 3.4.17, with Gcrypt 1.8.5, with MIT Kerberos, with MaxMind
DB
resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with
Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic updates using
Sparkle, with SpeexDSP (using system library), with SBC, with SpanDSP, with
bcg729.

Running on Mac OS X 10.15.4, build 19E266 (Darwin 19.4.0), with Intel(R)
Core(TM) i7-9750H CPU @ 2.60GHz (with SSE4.2), with 16384 MB of physical
memory,
with locale en_US.UTF-8, with light display mode, with HiDPI, with libpcap
version 1.9.1, with GnuTLS 3.4.17, with Gcrypt 1.8.5, with brotli 1.0.7, with
zlib 1.2.11, binary plugins supported (19 loaded).

Built using clang 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.33.16).

--
Not so much a misspelling but an extra & character in the description for
Unignore All Displayed. 

The row in question: 
⌥⌘D - Unignore All Displayed - U&nignore all displayed packets

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16472] Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

--- Comment #1 from Gerrit Code Review  ---
Change 36651 had a related patch set uploaded by Uli Heilmeier:
QT/UI: Fix shortcut

https://code.wireshark.org/review/36651

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16472] Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

Uli Heilmeier  changed:

   What|Removed |Added

Version|3.2.2   |Git
 Ever confirmed|0   |1
 OS|macOS 10.15 |All
   Severity|Major   |Minor
 Status|UNCONFIRMED |IN_PROGRESS
   Hardware|x86 |All
 CC||u...@heilmeier.eu

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16329] Error while capturing packets: PacketReceivePacket error: The I/O operation has been aborted because of either a thread exit or an application request. (995)

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16329

jwhit...@lakers.mercyhurst.edu changed:

   What|Removed |Added

 CC||jwhite30@lakers.mercyhurst.
   ||edu

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16473] New: 16329

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16473

Bug ID: 16473
   Summary: 16329
   Product: Wireshark
   Version: unspecified
  Hardware: x86-64
OS: Windows 10
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Build process
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: jwhit...@lakers.mercyhurst.edu
  Target Milestone: ---

Build Information:
PacketReceivePacket error - "thread error or an application request" (995)
--
PacketReceivePacket error - "thread error or an application request"  (995)

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16473] 16329

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16473

Pascal Quantin  changed:

   What|Removed |Added

 Resolution|--- |NOTABUG
 Status|UNCONFIRMED |RESOLVED
 CC||pas...@wireshark.org

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16472] Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

--- Comment #2 from Gerrit Code Review  ---
Change 36651 merged by Gerald Combs:
QT/UI: Fix shortcut

https://code.wireshark.org/review/36651

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16472] Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

--- Comment #4 from Gerrit Code Review  ---
Change 36658 had a related patch set uploaded by Uli Heilmeier:
QT/UI: Fix shortcut

https://code.wireshark.org/review/36658

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16472] Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

--- Comment #3 from Gerrit Code Review  ---
Change 36657 had a related patch set uploaded by Uli Heilmeier:
QT/UI: Fix shortcut

https://code.wireshark.org/review/36657

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16474] New: [oss-fuzz] #21541: Stack-overflow in fAbstractSyntaxNType

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474

Bug ID: 16474
   Summary: [oss-fuzz] #21541: Stack-overflow in
fAbstractSyntaxNType
   Product: Wireshark
   Version: unspecified
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: ger...@wireshark.org
  Target Milestone: ---

Created attachment 17709
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17709&action=edit
Reproducer test case

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
OSS-Fuzz found an issue in the BACapp dissector:

[Environment] ASAN_OPTIONS="allow_user_segv_handler=0:symbolize=0"
+Release Build
Stacktrace+
Command:
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-honggfuzz_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_ip_proto-udp
Bot: oss-fuzz-linux-zone2-host-whkl-13
Time ran: 4.977197885513306

oss-fuzzshark: disabling: ip
oss-fuzzshark: disabling: udplite
oss-fuzzshark: disabling: ospf
oss-fuzzshark: disabling: bgp
oss-fuzzshark: disabling: dhcp
oss-fuzzshark: disabling: json
oss-fuzzshark: disabling: snort
oss-fuzzshark: configured for dissector: udp in table: ip.proto
Accepting input from '[STDIN]'
Usage for fuzzing: honggfuzz -P [flags] --
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-honggfuzz_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_ip_proto-udp
AddressSanitizer:DEADLYSIGNAL
=
==178626==ERROR: AddressSanitizer: stack-overflow on address
0x7fff65fd29b8 (pc 0x0043da28 bp 0x7fff65fd3230 sp 0x7fff65fd29c0 T0)
#0 0x43da28 in __vsnprintf_chk
/src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1652:1
#1 0x29dc81e in g_snprintf
#2 0xa8258b in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8489:9
#3 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#4 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#5 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#6 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#7 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#8 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#9 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#10 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#11 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#12 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#13 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#14 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#15 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#16 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#17 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#18 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#19 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#20 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22

[ ... ]

#491 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#492 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22
#493 0xa882b0 in fTimerStateChangeValue
/src/wireshark/epan/dissectors/packet-bacapp.c:11474:26
#494 0xa882b0 in fAbstractSyntaxNType
/src/wireshark/epan/dissectors/packet-bacapp.c:8928:22

SUMMARY: AddressSanitizer: stack-overflow
(/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-honggfuzz_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_ip_proto-udp+0x43da28)

-- 
You are receiving this mail because:
You are watching all bug changes.___

[Wireshark-bugs] [Bug 16472] Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

--- Comment #5 from Gerrit Code Review  ---
Change 36657 merged by Gerald Combs:
QT/UI: Fix shortcut

https://code.wireshark.org/review/36657

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16473] PacketReceivePacket error - "thread error or an application request" (995)

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16473

Guy Harris  changed:

   What|Removed |Added

 Resolution|NOTABUG |DUPLICATE
Summary|16329   |PacketReceivePacket error -
   ||"thread error or an
   ||application request" (995)

--- Comment #1 from Guy Harris  ---
Yes, probably a duplicate of 16329.

Make sure you're running with Npcap 0.9988 or later.  If you are, reopen 16329,
giving the full version information for Wireshark.

*** This bug has been marked as a duplicate of bug 16329 ***

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16472] Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

--- Comment #6 from Gerrit Code Review  ---
Change 36658 merged by Gerald Combs:
QT/UI: Fix shortcut

https://code.wireshark.org/review/36658

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16329] Error while capturing packets: PacketReceivePacket error: The I/O operation has been aborted because of either a thread exit or an application request. (995)

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16329

--- Comment #12 from Guy Harris  ---
*** Bug 16473 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16472] Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16472

Uli Heilmeier  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|IN_PROGRESS |RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16475] New: Feature request - "Statistics UDP Multicast Streams" make it as an option in tshark

2020-04-01 Thread bugzilla-daemon

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16475

Bug ID: 16475
   Summary: Feature request - "Statistics UDP Multicast Streams"
make it as an option in tshark
   Product: Wireshark
   Version: unspecified
  Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
  Severity: Enhancement
  Priority: Low
 Component: TShark
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: 0...@tuta.io
  Target Milestone: ---

Build Information:
 tshark -v
TShark (Wireshark) 3.0.5 (Git v3.0.5 packaged as 3.0.5-1)
--
Tshark lacks an option for "Statistics UDP Multicast Streams", is it possible
to implement it in the future build?
I see only -z option for statistic collection, which is not a same function.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

1 2 3 4 5 6 7 8 9 10 >

1 - 100 of 111284 matches

Mail list logo