https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16734

            Bug ID: 16734
           Summary: "total block length ... is too small" for Systemd
                    Journal Export Block
           Product: Wireshark
           Version: 3.2.4
          Hardware: x86-64
                OS: Windows 10
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Capture file support (libwiretap)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: li...@gilleswaeber.ch
  Target Milestone: ---

Build Information:
Wireshark 3.2.4 (v3.2.4-0-g893b5a5e1e3e)

Copyright 1998-2020 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.12.8, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 10 (1909), build 18363, with AMD Ryzen 9 3900X
12-Core Processor (with SSE4.2), with 32716 MB of physical memory, with
locale French_Switzerland.1252, with Npcap version 0.9994, based on libpcap
version 1.9.1, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with brotli 1.0.2, without
AirPcap, binary plugins supported (0 loaded).

Built using Microsoft Visual Studio 2019 (VC++ 14.25, build 28614).
--
The PCAP NG spec draft specifies that a Systemd Journal Export Block entry must
contain a __REALTIME_TIMESTAMP field and that it "could potentially be used to
include arbitrary key-value data", but Wireshark currently enforces a minimum
size of 212 bytes for this block (MIN_SYSTEMD_JOURNAL_EXPORT_ENTRY_SIZE = 200).

The error dialog is:

  The capture file appears to be damaged or corrupt.
  (pcapng_read_systemd_journal_export_block: total block length 72 is too small (< 212))

  [ OK ]

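Added example, not part of the bug report and not Wireshark's code: a C sketch that validates a Systemd Journal Export Block using only the block framing and the one field the report says the draft requires, next to the fixed size gate the report describes. The function names are hypothetical, the section is assumed little-endian, block type 0x00000009 is taken from the pcapng draft, and the sample entry is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SJEB_TYPE  0x00000009u /* Systemd Journal Export Block type (pcapng draft) */
#define OVERHEAD   12u         /* block type + total length + trailing total length */
#define LEGACY_MIN 200u        /* MIN_SYSTEMD_JOURNAL_EXPORT_ENTRY_SIZE, as quoted in the report */

enum sjeb_result { SJEB_OK, SJEB_TRUNCATED, SJEB_BAD_TYPE, SJEB_BAD_LENGTH, SJEB_NO_TIMESTAMP };

/* Little-endian helpers (assumption: the enclosing section is little-endian). */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Bounded scan for "KEY=" at the start of a line; the entry is not NUL-terminated. */
static int has_field(const uint8_t *e, size_t len, const char *key) {
    size_t k = strlen(key);
    for (size_t i = 0; i + k <= len; i++)
        if ((i == 0 || e[i - 1] == '\n') && memcmp(e + i, key, k) == 0) return 1;
    return 0;
}

/* Framing checks plus the required field; no fixed minimum entry size. */
enum sjeb_result sjeb_validate(const uint8_t *buf, size_t avail) {
    if (avail < OVERHEAD) return SJEB_TRUNCATED;
    if (rd32(buf) != SJEB_TYPE) return SJEB_BAD_TYPE;
    uint32_t total = rd32(buf + 4);
    if (total < OVERHEAD || total % 4 != 0) return SJEB_BAD_LENGTH;
    if (total > avail) return SJEB_TRUNCATED;           /* never read past the buffer */
    if (rd32(buf + total - 4) != total) return SJEB_BAD_LENGTH;
    if (!has_field(buf + 8, total - OVERHEAD, "__REALTIME_TIMESTAMP=")) return SJEB_NO_TIMESTAMP;
    return SJEB_OK;
}

/* The size gate the report describes: total block length below 200 + 12 is refused. */
int legacy_min_rejects(uint32_t total) { return total < LEGACY_MIN + OVERHEAD; }

/* Constructed sample (not the reporter's capture); returns the total block length. */
size_t sjeb_build_sample(uint8_t *out, size_t cap) {
    static const char entry[] = "__REALTIME_TIMESTAMP=1234567890123456\nMESSAGE=sample entry\n";
    size_t len = sizeof entry - 1, total = ((len + 3) & ~(size_t)3) + OVERHEAD;
    if (cap < total) return 0;
    memset(out, 0, total);                               /* zero padding to a 32-bit boundary */
    wr32(out, SJEB_TYPE); wr32(out + 4, (uint32_t)total); wr32(out + total - 4, (uint32_t)total);
    memcpy(out + 8, entry, len);
    return total;
}

int main(void) {
    uint8_t b[128];
    size_t n = sjeb_build_sample(b, sizeof b);
    printf("total=%zu validate=%d legacy_rejects=%d\n", n, sjeb_validate(b, n), legacy_min_rejects((uint32_t)n));
    return 0;
}
```

The line-start scan does not skip over binary-encoded journal fields, so a production parser would walk the entry field by field instead.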