[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #12 from Gerrit Code Review --- Change 28714 merged by Guy Harris: OpcUa: fix in function getExtensionObjectType https://code.wireshark.org/review/28714 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #11 from Gerrit Code Review --- Change 28714 had a related patch set uploaded by Guy Harris: OpcUa: fix in function getExtensionObjectType https://code.wireshark.org/review/28714 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 Michael Mann changed: What|Removed |Added Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #10 from Gerrit Code Review --- Change 28328 merged by Anders Broman: OpcUa: fix in function getExtensionObjectType https://code.wireshark.org/review/28328 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #9 from Gerrit Code Review --- Change 28328 had a related patch set uploaded by Erika Szelleová: OpcUa: fix in function getExtensionObjectType https://code.wireshark.org/review/28328 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #8 from Erika Szelleova --- I think I have found the culprit. The function tried to read the value "numeric" (in this case: Identifier) but it tried to read the incorrect bytes (it moved 4 bytes to the right from the value "02" and tried to read 4 bytes - it would need a buffer of length 9). However, in the GUI it was shown correctly because those values were parsed and set in a separate function. I will send a patch soon. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #7 from Mark Giraud --- The 8 bytes should be parsed as something like this: ###[ UaExtensionObject ]### \TypeId\ |###[ UaNumericNodeId ]### | Encoding = 2 | Namespace = 0 | Identifier= 0 Encoding = 0 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #6 from Mark Giraud --- The last 8 bytes should be dissected as en ExtensionObject. This should be possible without any issues, since they are b'\x02\x00\x00\x00\x00\x00\x00\x00' I think there might be some kind of issue in the dissector before that if there aren't 8 bytes left to parse. But it looks like the dissector can parse up to the last 8 bytes (since the timeout hint is correctly parsed and highlited) and then fails on the ExtensionObject. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #5 from Erika Szelleova --- OK, so the problem is that the AdditionalHeader is parsed as an ExtensionObject, however, according to the spec. it should be reserved for future use (see Part 4 p. 146). While parsing, the dissector tried to read data from outside the buffer, that's why it threw an exception. If you take a look at the OpenSecureChannelRequest (frame num. 8), then you can see, that there is also an additional header parsed as an ExtensionObject, however, there is more data after the field, so it didn't try to read from outside the buffer. Could you confirm that the additional header is parsed incorrectly and should not be treated as an ExtensionObject? Or am I missing some information? Thank you. Erika -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 Erika Szelleova changed: What|Removed |Added Status|INCOMPLETE |IN_PROGRESS CC||szelleer...@gmail.com --- Comment #4 from Erika Szelleova --- The Exception is thrown when parsing the Additional Header. I'm investigating this. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 --- Comment #2 from Mark Giraud--- Created attachment 16182 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16182=edit Short opc ua pcap with malformed packet -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14465] Valid packet produces Malformed Packet: OpcUa
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14465 Alexis La Gouttechanged: What|Removed |Added Status|UNCONFIRMED |INCOMPLETE Ever confirmed|0 |1 CC||alexis.lagou...@gmail.com --- Comment #1 from Alexis La Goutte --- Hi Mark, Can you attach a pcap ? (and a link to spec ?) -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe