From d094eab1a3e76ace9a7bd0e82abd0470f1c9a420 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Thu, 25 Sep 2014 01:15:29 -0700 Subject: The length of the pktap header isn't fixed, it's a field in the header. Don't assume that, once we've dissected the fields in the header we know about and skipped past them, that the payload follows immediately afterwards; use the header length from the header to find the payload. Bug: 10502 Change-Id: I645fe652240e0068d99cf00d19e3705615857d5b Reviewed-on: https://code.wireshark.org/review/4280 Reviewed-by: Guy Harris --- epan/dissectors/packet-pktap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/epan/dissectors/packet-pktap.c b/epan/dissectors/packet-pktap.c index c5d65c1be9..676e8c6530 100644 --- a/epan/dissectors/packet-pktap.c +++ b/epan/dissectors/packet-pktap.c @@ -205,7 +205,7 @@ dissect_pktap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) offset += 20; if (rectype == PKT_REC_PACKET) { - next_tvb = tvb_new_subset_remaining(tvb, offset); + next_tvb = tvb_new_subset_remaining(tvb, pkt_len); dissector_try_uint(wtap_encap_dissector_table, wtap_pcap_encap_to_wtap_encap(dlt), next_tvb, pinfo, tree); } -- cgit v1.2.3