--- Comment #7 from Peter Wu <> ---
Created attachment 16210
Crafted crash reproducer

The previously proposed patch is insufficient, if the first TCP segment
contains the full HTTP message (+ a bit more), then the same crash would occur.
See attached pcap, crafted with the following script:

from scapy.all import *
data1 = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nTest\n"
data2 = b"HTTP/1.1 400 Bad Request\r\n"     # note: missing \r\n
data1, data2 = data1 + data2[:1], data2[1:]
p = [
IP()/TCP(sport=8080, dport=2575, flags="A", seq=1)/data1,
IP()/TCP(sport=8080, dport=2575, flags="SA", seq=1),
IP()/TCP(sport=8080, dport=2575, flags="A", seq=1+len(data1))/data2,]
wrpcap("bug14472-badhttp.pcap", p)

Note that both the original and this capture requires the default configuration
(TCP and possibly HTTP headers reassembly must be enabled)

You are receiving this mail because:
You are watching all bug changes.
Sent via:    Wireshark-bugs mailing list <>

Reply via email to