Home page logo

wireshark logo Wireshark mailing list archives

Defect in reassembling TCP stream. Bug and Patch are available on Bugzilla.
From: Pavel Karneliuk <Pavel_Karneliuk () epam com>
Date: Fri, 28 Mar 2014 15:06:04 +0000


At first, thank you all for Wireshark. It is amazing tool!

I found a defect and register Bug 9936<https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9936> - "epan/follow.c - 
Incorrect comparing a sequence number of TCP fragment when its value wraps over uint32_t limit"
A capture file and my patch are attached to bug in Bugzilla.

Patch is a one-line fix:
--- a/epan/follow.c
+++ b/epan/follow.c
@@ -441,7 +441,7 @@ check_fragments( int idx, tcp_stream_chunk *sc, guint32 acknowledged ) {
         lowest_seq = current->seq;
-      if( current->seq < seq[idx] ) {
+      if( LT_SEQ(current->seq, seq[idx]) ) {
         guint32 newseq;
         /* this sequence number seems dated, but
            check the end to make sure it has no more

It is just a replacement a compare operator to wraps-friendly macro. Similar to code around (with GT_SEQ usage).
What do you think?

Best Regards,
Pavel Karneliuk
Senior Software Engineer

EPAM Systems
Minsk office, Belarus
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]