Wireshark-bugs: [Wireshark-bugs] [Bug 6914] New: capture dialogue: uninitialized pointer is derefe

Date: Mon, 5 Mar 2012 14:27:11 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6914

           Summary: capture dialogue: uninitialized pointer is dereferenced,
                    assigning an arbitrary dlt to a capture interface
           Product: Wireshark
           Version: SVN
          Platform: x86
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxx


Created attachment 7960
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7960
save_options_cb(), initialize ptr and dlt, check before dereferencing

Build Information:
TShark 1.7.1 (SVN Rev 41358 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.24.2, with libpcap, with libz 1.2.3.4, without
POSIX capabilities, without SMI, without c-ares, without ADNS, without Lua,
without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5, with MIT Kerberos,
without GeoIP.

Running on Linux 2.6.32-5-amd64, with locale en_US.UTF-8, with libpcap version
1.1.1, with libz 1.2.3.4.

Built using gcc 4.4.5.

--
Dear all,

I ran into the following bug recently.

Create a fifo

mkfifo /tmp/wpipe

and ask wireshark to capture from it

wireshark -i /tmp/wpipe

If you press Start on the left, wireshark will wait for data from the pipe.
Stop the capture.

Once you double click the pipe's name in the interface list, the "Edit
Interface Settings" window comes up. Press Ok to confirm the settings without
making any changes.

If you Start another capture, there'll be an error (from dumpcap)

The specified data link type "(null)" isn't valid


The reason for this is in capture_dlg.c, save_options_cb()

If device.links is NULL, the pointer ptr is left uninitialized but we dereference
it by calling dlt = GPOINTER_TO_INT(ptr) and device.active_dlt = dlt

The attached patch fixes this.

Best regards,

   Martin
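
The pattern described in the report, as an added example: this is a simplified model, not Wireshark's capture_dlg.c and not the attached patch. The struct shapes, function names, the PTR_TO_INT/INT_TO_PTR stand-ins for the GLib macros and the -1 sentinel are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the GLib list and pointer/int macros. */
struct link_row { const char *name; void *dlt_ptr; struct link_row *next; };
struct device   { struct link_row *links; int active_dlt; };
#define PTR_TO_INT(p) ((int)(intptr_t)(p))
#define INT_TO_PTR(i) ((void *)(intptr_t)(i))
#define DLT_UNSET (-1)   /* assumed sentinel for "no link type chosen" */

/* Unpatched pattern: ptr is assigned only inside the loop. `stale` models
 * whatever an uninitialized local would happen to hold (a real read of an
 * uninitialized variable is undefined behaviour, so it is passed in here). */
static void save_unpatched(struct device *d, const char *chosen, void *stale)
{
    void *ptr = stale;
    for (struct link_row *l = d->links; l != NULL; l = l->next)
        if (strcmp(l->name, chosen) == 0) { ptr = l->dlt_ptr; break; }
    d->active_dlt = PTR_TO_INT(ptr);   /* arbitrary when links == NULL */
}

/* Hardened pattern: known initial values, convert only after a match.
 * A found flag is used because a link type of 0 (DLT_NULL) converts to a
 * NULL pointer, so testing ptr against NULL would reject a valid entry. */
static int save_patched(struct device *d, const char *chosen)
{
    void *ptr = NULL;
    int dlt = DLT_UNSET, found = 0;
    for (struct link_row *l = d->links; l != NULL; l = l->next)
        if (strcmp(l->name, chosen) == 0) { ptr = l->dlt_ptr; found = 1; break; }
    if (found)
        dlt = PTR_TO_INT(ptr);
    d->active_dlt = dlt;
    return found;                      /* 0: nothing to select */
}

int main(void)
{
    struct device pipe_dev = { NULL, DLT_UNSET };  /* constructed: pipe, empty list */
    save_unpatched(&pipe_dev, "Ethernet", INT_TO_PTR(0x5eed));
    printf("unpatched: active_dlt=%d\n", pipe_dev.active_dlt);
    save_patched(&pipe_dev, "Ethernet");
    printf("patched:   active_dlt=%d\n", pipe_dev.active_dlt);
    return 0;
}
```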
