[Wireshark-dev] Wireshark or protocol bug? (HTTP MIME multipart)

I'm trying to add dissection of Kerberos encrypted HTTP sessions.
Mostly, it's OK (got the headers parsed correctly, would file a BZ for this
patch soon).
However, when I'm trying to work with the body, which is a MIME multipart,
it fails with exception.
The reason seems to be that it does not have the double CRLF which is
expected between headers and body of a MIME (?):
imf_find_field_end() seems to fail to find additional CRLF - before the
binary data (which is actually a Kerberos blob) appears.

Attached please find a small capture showing the problem - not sure who's
fault it is - or if it's fixable somehow in Wireshark.
See packet 8 (dissect as HTTP please).

Regards,
Y.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

• This message: [ Message body ]
• Next message: buildbot-no-reply_at_nospam: "[Wireshark-dev] buildbot failure in Wireshark (development) on Solaris-10-SPARC"
• Previous message: Joerg Mayer: "[Wireshark-dev] More unused warnings in new menu code"
• Next in thread: Jaap Keuter: "Re: [Wireshark-dev] Wireshark or protocol bug? (HTTP MIME multipart)"
• Reply: Jaap Keuter: "Re: [Wireshark-dev] Wireshark or protocol bug? (HTTP MIME multipart)"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]