Ethereal-dev: [ethereal-dev] [PATCH] sigsegv in packet-nfs.c:1214 (proto_item_set_text)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Florian Lohoff <flo@xxxxxxxxxx>
Date: Sat, 26 Aug 2000 14:21:31 +0200
Hi,
I got a capture with NFS stuff in it where Ethereal sigsegvs.

I traced it down to packet-nfs.c:1214 using proto_item_set_text
with a 0x0 entry_item which the function tries to dereference - BOOM!


This is packet-nfs.c:(dissect_readdir_entry)

If tree is NULL there is no way for entry_item NOT to be null.

   1206         if (tree) {
   1207                 entry_item = proto_tree_add_item(tree, hf_nfs_readdir_entry, NullTVB,
   1208                         offset+0, END_OF_FRAME, FALSE);
   1209                 if (entry_item)
   1210                         entry_tree = proto_item_add_subtree(entry_item, ett_nfs_readdir_entry);
   1211         }
   1212 
   1213         if (!BYTES_ARE_IN_FRAME(offset, 4)) {
   1214                 proto_item_set_text(entry_item, "Entry: <TRUNCATED>");
   1215                 return offset;
   1216         }

This patch solved it for me, although I don't know if this is any kind of
correct - but Ethereal didn't crash anymore :)

diff -u -r1.36 packet-nfs.c
--- packet-nfs.c	2000/08/15 21:27:46	1.36
+++ packet-nfs.c	2000/08/26 12:20:06
@@ -1210,7 +1210,7 @@
 			entry_tree = proto_item_add_subtree(entry_item, ett_nfs_readdir_entry);
 	}
 
-	if (!BYTES_ARE_IN_FRAME(offset, 4)) {
+	if (entry_item && !BYTES_ARE_IN_FRAME(offset, 4)) {
 		proto_item_set_text(entry_item, "Entry: <TRUNCATED>");
 		return offset;
 	}
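Review bot: adding `entry_item &&` to the condition fixes the NULL dereference but also removes the truncation check in exactly the case that crashed: when `tree` is NULL (no protocol tree requested), `entry_item` is NULL, the whole `if` is skipped, and the dissector runs past the `return offset;` into the entry fields of a frame that `BYTES_ARE_IN_FRAME(offset, 4)` already said is too short. Guard only the call and keep the early return, so the truncated entry is still abandoned whether or not a tree exists: `if (!BYTES_ARE_IN_FRAME(offset, 4)) {` / `if (entry_item) proto_item_set_text(entry_item, "Entry: <TRUNCATED>");` / `return offset; }`.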
Flo
-- 
Florian Lohoff		flo@xxxxxxxxxx		      	+49-5201-669912
      "Write only memory - Oops. Time for my medication again ..."
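As an added example, not Florian's patch or Ethereal's code: a minimal model of the readdir-entry path described in the post, with stand-ins for the Ethereal calls (`stub_add_item`, `stub_set_text`, `bytes_in_frame` are hypothetical names). It runs the original code, the posted patch, and a variant that guards only the `proto_item_set_text` call, over the two situations that matter: tree present or absent, frame long enough or truncated. The NULL dereference is counted instead of crashing so all three variants can be compared in one process.

```c
/* Added example (not Ethereal's code): model of dissect_readdir_entry's
 * truncation handling, instrumented so a NULL dereference is recorded
 * rather than segfaulting. All names below are stand-ins, not the real API. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

typedef struct proto_item { char text[64]; } proto_item;
typedef struct proto_tree { proto_item items[4]; int count; } proto_tree;

/* What one run of a variant did. */
typedef enum {
    RESULT_NULL_DEREF,      /* set_text was handed a NULL item: the reported crash */
    RESULT_TRUNCATED_STOP,  /* dissector stopped at the truncated entry */
    RESULT_CONTINUED        /* dissector went on to parse the entry body */
} result_t;

typedef enum {
    VARIANT_ORIGINAL,       /* unguarded proto_item_set_text() */
    VARIANT_POSTED_PATCH,   /* entry_item && !BYTES_ARE_IN_FRAME(...) */
    VARIANT_GUARD_SET_TEXT  /* guard only the set_text call, keep the return */
} variant_t;

static int null_deref_count;

/* Stand-in for proto_tree_add_item(): NULL when there is no tree. */
static proto_item *stub_add_item(proto_tree *tree) {
    if (!tree || tree->count >= 4) return NULL;
    return &tree->items[tree->count++];
}

/* Stand-in for proto_item_set_text(): counts a NULL item instead of crashing. */
static void stub_set_text(proto_item *item, const char *text) {
    if (!item) { null_deref_count++; return; }
    snprintf(item->text, sizeof item->text, "%s", text);
}

/* Stand-in for BYTES_ARE_IN_FRAME(offset, need). */
static int bytes_in_frame(size_t frame_len, size_t offset, size_t need) {
    return offset + need <= frame_len;
}

static result_t dissect_entry(variant_t v, proto_tree *tree,
                              size_t frame_len, size_t offset) {
    proto_item *entry_item = NULL;
    int before = null_deref_count;

    if (tree)
        entry_item = stub_add_item(tree);

    switch (v) {
    case VARIANT_ORIGINAL:
        if (!bytes_in_frame(frame_len, offset, 4)) {
            stub_set_text(entry_item, "Entry: <TRUNCATED>");
            return null_deref_count > before ? RESULT_NULL_DEREF
                                             : RESULT_TRUNCATED_STOP;
        }
        break;
    case VARIANT_POSTED_PATCH:
        /* With tree == NULL the whole check is skipped, so a truncated
         * entry is no longer abandoned here. */
        if (entry_item && !bytes_in_frame(frame_len, offset, 4)) {
            stub_set_text(entry_item, "Entry: <TRUNCATED>");
            return RESULT_TRUNCATED_STOP;
        }
        break;
    case VARIANT_GUARD_SET_TEXT:
        if (!bytes_in_frame(frame_len, offset, 4)) {
            if (entry_item)
                stub_set_text(entry_item, "Entry: <TRUNCATED>");
            return RESULT_TRUNCATED_STOP;
        }
        break;
    }
    /* The real dissector would now read the entry fields at offset. */
    return RESULT_CONTINUED;
}

/* Convenience wrappers: run a variant at offset 0 with or without a tree. */
static result_t run_without_tree(variant_t v, size_t frame_len) {
    return dissect_entry(v, NULL, frame_len, 0);
}

static result_t run_with_tree(variant_t v, size_t frame_len) {
    proto_tree tree;
    memset(&tree, 0, sizeof tree);
    return dissect_entry(v, &tree, frame_len, 0);
}

int main(void) {
    static const char *names[] = { "null deref", "truncated stop", "continued" };
    /* Constructed input: a 2-byte tail, shorter than the 4 bytes the entry needs. */
    for (int v = VARIANT_ORIGINAL; v <= VARIANT_GUARD_SET_TEXT; v++)
        printf("variant %d, no tree, truncated frame: %s\n",
               v, names[run_without_tree((variant_t)v, 2)]);
    return 0;
}
```

Only the third variant behaves the same with and without a tree: it never dereferences NULL and it still stops at a truncated entry, which is the property the posted patch gives up when `tree` is NULL.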