Wireshark-bugs: [Wireshark-bugs] [Bug 2236] New: SDP dissector buffer overrun exception

Date: Fri, 1 Feb 2008 14:11:15 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2236

           Summary: SDP dissector buffer overrun exception
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: shane.kearns@xxxxxxxxxxx



shane kearns <shane.kearns@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1423|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=1423)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1423)
patch to fix the bug

Build Information:
wireshark 0.99.8-btsnoop-dev (SVN Rev 24241)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.6, with GLib 2.14.5, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio
V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.


Built using Microsoft Visual C++ 6.0


Press any key to exit
--
The SDP dissector skips 4 bytes before reading the number of records in the
length field of the packet (each record is 4 bytes long).
This causes it to read beyond the end of the packet and throw an exception when
attempting to decode a correctly formed packet.

SDP packet format is described in "Core V2.1 + EDR.pdf" available from
www.bluetooth.org (volume 3, part B)

Fix is just to not skip 4 bytes. (attached diff)


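The failure mode the report describes, as an added example (not Wireshark's code and not the attached patch): a spurious 4-byte skip before the count field makes a bounds-checked parser run off the end of a well-formed packet. The layout (a 2-byte big-endian record count followed by 4-byte records) and the names `parse_records` and `sample_pkt` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounds-checked big-endian reads: return -1 instead of reading past the
 * end of the buffer (a dissector would raise an exception at this point). */
static int get_be16(const uint8_t *buf, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    return 0;
}

static int get_be32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return -1;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | buf[off + 3];
    return 0;
}

/* Walk the record list. skip = 4 models the spurious skip from the report,
 * skip = 0 the fix. Returns the number of records read, or -1 when a read
 * would go past the end of the packet. */
int parse_records(const uint8_t *buf, size_t len, size_t skip,
                  uint32_t *recs, size_t max_recs)
{
    size_t off = skip;
    uint16_t count;
    if (get_be16(buf, len, off, &count) < 0) return -1;
    off += 2;
    if (count > max_recs) return -1;
    for (uint16_t i = 0; i < count; i++, off += 4)
        if (get_be32(buf, len, off, &recs[i]) < 0) return -1;
    return (int)count;
}

/* Constructed sample packet: count = 2, then records 0x00010002, 0x00010003. */
const uint8_t sample_pkt[] = { 0x00, 0x02, 0x00, 0x01, 0x00, 0x02,
                               0x00, 0x01, 0x00, 0x03 };

int main(void)
{
    uint32_t r[8];
    printf("no skip: %d\n", parse_records(sample_pkt, sizeof sample_pkt, 0, r, 8));
    printf("4-byte skip: %d\n", parse_records(sample_pkt, sizeof sample_pkt, 4, r, 8));
    return 0;
}
```

With the skip, the parser takes bytes from inside the first record as the count, and the second record read then starts at the end of the buffer.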