https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6555
Summary: CAPWAP dissector tries to allocate -1 bytes of memory
during reassembly
Product: Wireshark
Version: 1.6.3
Platform: Other
OS/Version: All
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: doj@xxxxxxxxx
Created an attachment (id=7391)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7391)
patch to fix CAPWAP dissector with invalid traffic
--
I was loading a capture file containing RTP VOIP traffic from a Nortel
softphone. It was using UDP port 5246 which is the default port for the CAPWAP
dissector. Of course the CAPWAP dissector did not show meaningful data, but it
is also calling into the TCP reassembly code with an unchecked
tvb_length_remaining() which returned -1. That was converted to 2^32 bytes and
crashed Wireshark.
The attached patch fixes this.
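
The failure mode described in this report, as an added example (not the attached patch and not Wireshark source): a signed "bytes remaining" result of -1 is used as an unsigned 32-bit length, next to a version that rejects it first. `remaining_len`, `frag_len_unchecked` and `frag_len_checked` are hypothetical names, and the out-of-range offset as the cause of the -1 is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a buffer-length helper with the behaviour the
 * report describes: bytes remaining from `offset`, or -1 when the offset
 * lies past the end of the captured data (assumed cause of the -1). */
static int remaining_len(int captured_len, int offset)
{
    if (offset < 0 || offset > captured_len)
        return -1;
    return captured_len - offset;
}

/* Unchecked pattern: the signed result goes straight into an unsigned
 * 32-bit length, so -1 becomes 0xFFFFFFFF. */
static uint32_t frag_len_unchecked(int captured_len, int offset)
{
    return (uint32_t)remaining_len(captured_len, offset);
}

/* Checked pattern: reject a negative result before it is used as a size.
 * Returns 0 and sets *out on success, -1 when the packet must not be
 * handed to reassembly; *out is left untouched in that case. */
static int frag_len_checked(int captured_len, int offset, uint32_t *out)
{
    int len = remaining_len(captured_len, offset);
    if (len < 0)
        return -1;
    *out = (uint32_t)len;
    return 0;
}

int main(void)
{
    /* Constructed sample: 12 captured bytes, while a header field parsed
     * from non-CAPWAP traffic puts the payload at offset 40. */
    uint32_t len = 0;
    printf("unchecked: %u bytes requested\n",
           (unsigned)frag_len_unchecked(12, 40));
    if (frag_len_checked(12, 40, &len) != 0)
        printf("checked: malformed, reassembly skipped\n");
    if (frag_len_checked(12, 4, &len) == 0)
        printf("checked: %u bytes\n", (unsigned)len);
    return 0;
}
```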