Please apply the attached patch, which is a new, more accurate fix for bug 
#1163.  Thanks to Graeme Lunt for pointing out that the first patch 
broke a different capture with legitimate SES data in it.  My patch also 
corrects the minimum number of bytes that must exist from 4 to 2, as the 
minimum length of an SES PDU is only 2 bytes: 1 byte type, 1 byte 
length.


Steve

Index: epan/dissectors/packet-ses.c
===================================================================
--- epan/dissectors/packet-ses.c        (revision 19874)
+++ epan/dissectors/packet-ses.c        (working copy)
@@ -1777,7 +1777,7 @@
        guint16 len;
 
        /* first, check do we have at least 4 bytes (type+length) */
-       if (!tvb_bytes_exist(tvb, 0, 4))
+       if (!tvb_bytes_exist(tvb, 0, 2))
                return FALSE;   /* no */
 
        /* can we recognize session PDU ? Return FALSE if  not */
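Review bot: The comment above the changed check still says "at least 4 bytes (type+length)" while the check now requires 2; it should read `/* first, check do we have at least 2 bytes (1 byte type + 1 byte length) */`. With only two bytes guaranteed, the later `get_item_len(tvb, offset+1, &len_len)` call is worth confirming. Its body is not shown here, but if it handles a multi-byte length form it would read past the verified range and raise a bounds exception instead of letting this heuristic return FALSE. The enclosing function starts and ends outside the hunk.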
@@ -1789,6 +1789,17 @@
                return FALSE;  /* no, it isn't a session PDU */
        }
 
+       /* can we recognize the second session PDU ? Return FALSE if not */
+       if(tvb_bytes_exist(tvb, 2, 2)) { /* Make sure there is a second one */
+               /*   get SPDU type */
+               type = tvb_get_guint8(tvb, offset+4);
+               /* check SPDU type */
+               if (match_strval(type, ses_vals) == NULL)
+                       {
+                               return FALSE;  /* no, it isn't a session PDU */
+                       }
+       }
+
        /* some Siemens SIMATIC protocols also use COTP, and shouldn't be 
         * misinterpreted as SES.
         * the starter in this case is fixed to 0x32 (SES_MINOR_SYNC_ACK for 
SES), 
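Review bot: The guard `tvb_bytes_exist(tvb, 2, 2)` only establishes that bytes 2 and 3 are present, but the read that follows is `tvb_get_guint8(tvb, offset+4)`, one byte past what was checked (assuming `offset` is 0 here; it is set outside the hunk). On a 4-byte buffer that read raises a bounds exception rather than returning FALSE, so a heuristic check on untrusted capture data aborts instead of rejecting. The guard should test the byte actually read, `if (tvb_bytes_exist(tvb, offset+4, 1)) {`, and since the description gives 2 bytes as the minimum SPDU length, the fixed `+4` is worth replacing with a position computed from the first SPDU's length. The new code also overwrites `type`, which the SIMATIC check described in the following comment (the 0x32 starter) appears to rely on; reading into a separate local such as `guint8 next_type` would leave that test unchanged. The enclosing function starts and ends outside the hunk.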
@@ -1803,8 +1814,6 @@
        /*  OK,let's check SPDU length  */
        /*  get length of SPDU */
        len = get_item_len(tvb, offset+1, &len_len);
-       if(len == 0)
-               return FALSE; /* Not a valid PDU */
 
        /*  add header length     */
        len+=len_len;