https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689
Summary: dereference in packet-paltalk.c
Product: Wireshark
Version: 1.2.0
Platform: Other
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: packetsteve@xxxxxxxxxxx
Build Information:
TShark 1.2.0
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.17.7, with libpcap 0.9.4, with libz 1.1.3, without POSIX
capabilities, without libpcre, without SMI, without c-ares, with ADNS, without
Lua, without GnuTLS, with Gcrypt 1.2.2, without Kerberos, without GeoIP.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on SunOS 5.8, with libpcap version 0.9.4, Gcrypt 1.2.2.
Built using gcc 3.4.6.
--
packet-paltalk.c has a heuristic with this line:

    if (pinfo->net_src.type != AT_IPv4 || pinfo->net_dst.type != AT_IPv4
        || pinfo->net_src.len != 4 || pinfo->net_dst.len != 4
        || !pinfo->net_src.data || !pinfo->net_dst.data
        || (((*(guint32*) pinfo->net_src.data) &
             PALTALK_SERVERS_NETMASK) != PALTALK_SERVERS_ADDRESS
            && ((*(guint32*) pinfo->net_dst.data) &
                PALTALK_SERVERS_NETMASK) != PALTALK_SERVERS_ADDRESS))

The above dereference, *(guint32*) pinfo->net_src.data,
may be invalid & crash Wireshark.
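
The cast in the quoted condition reads a 32-bit value through a pointer that carries no alignment guarantee, which is undefined behaviour in C and faults on strict-alignment CPUs. An alignment-safe form of the same check, added here as an example (not code from the report or from Wireshark); `ex_address`, the `EX_` constants (constructed 192.0.2.0/24 placeholders) and all function names are hypothetical:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the fields the quoted condition reads. */
enum ex_addr_type { EX_AT_NONE, EX_AT_IPv4 };
struct ex_address { enum ex_addr_type type; int len; const void *data; };

/* Constructed placeholders: 192.0.2.0/24, not the dissector's real values. */
#define EX_SERVERS_ADDRESS 0xC0000200u
#define EX_SERVERS_NETMASK 0xFFFFFF00u

/* Network-order 32-bit load that is legal at any alignment. */
static uint32_t ex_load_be32(const void *p)
{
    uint8_t b[4];
    memcpy(b, p, sizeof b);              /* byte copy, no aligned access */
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

static int ex_is_ipv4(const struct ex_address *a)
{
    return a && a->type == EX_AT_IPv4 && a->len == 4 && a->data;
}

static int ex_in_range(const struct ex_address *a)
{
    return (ex_load_be32(a->data) & EX_SERVERS_NETMASK) == EX_SERVERS_ADDRESS;
}

/* Same shape as the quoted condition: both ends valid IPv4, one in range. */
static int ex_heuristic_accepts(const struct ex_address *src,
                                const struct ex_address *dst)
{
    if (!ex_is_ipv4(src) || !ex_is_ipv4(dst))
        return 0;
    return ex_in_range(src) || ex_in_range(dst);
}

/* Constructed sample: addresses at odd offsets 1 and 5 of a byte buffer,
 * as they can sit inside captured packet data. */
static const uint8_t ex_buf[9] = { 0xAA, 192, 0, 2, 17, 10, 1, 2, 3 };

static int ex_demo(int src_off, int dst_off, int len)
{
    struct ex_address s = { EX_AT_IPv4, len, ex_buf + src_off };
    struct ex_address d = { EX_AT_IPv4, len, ex_buf + dst_off };
    return ex_heuristic_accepts(&s, &d);
}
```

Building the value from individual bytes also makes the comparison independent of host byte order, which a raw 32-bit load is not.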