http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1944
Summary: rtsp dissector segfaults if handed incomplete data
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: acferen@xxxxxxxxx
Build Information:
wireshark 0.99.7 (SVN Rev 23276)
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.10.11, with GLib 2.12.11, with libpcap 0.9.8, with libz
1.2.3, with libpcre 6.7, without SMI, with ADNS, without Lua, with GnuTLS
1.4.4,
with Gcrypt 1.2.3, without Kerberos, with PortAudio <= V18, without AirPcap.
Running on Linux 2.6.20-16-generic, with libpcap version 0.9.8.
Built using gcc 4.1.2 (Ubuntu 4.1.2-0ubuntu4).
--
SVN Rev 23268 introduces changes that cause the wireshark to segfault.
Problem triggered for me inside an sFlow dissector where most of the actual
rtsp data was missing from the sample.
details:
packet-rtsp.c passes a string pointer to dissector_try_string(...) without
verifying that the pointer is pointing some place useful.
fix:
only call dissector_try_string(...) if the string pointer is not NULL.
and/or
patch dissector_try_string(...) to return FALSE or assert if it is passed a
NULL.
I'll include patches for both. The packet-rtsp.c patch should be applied
either way. I'm ambivalent about the packet.c patch.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.