Wireshark-bugs: [Wireshark-bugs] [Bug 7729] Full support of RFC2428 in FTP dissector

Date: Sun, 23 Sep 2012 11:18:02 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7729

--- Comment #12 from Martin Kaiser <wireshark@xxxxxxxxx> 2012-09-23 11:18:01 PDT ---

Hi Alex,

the last version looks much better and doesn't crash on my system either.

Unfortunately, I still think we need to fix some things.

(In reply to comment #11)

> The reason for the crash was that the IPv6 address had 8 words filled but a ::
> also. The code to fill the gap when :: was detected wasn't properly secured. 
> 
> I inserted now quite a number of security checks that the code should now be
> stable. 
> 
> I checked then code by intentionnally malform the IP address.
> The following malformed IPv6 addresses have been tested:
> 
> * 2001:abd:asdfgh:2 results in 2001:abd:adf:2::
> * 2001::12234b::3 results in 2001:234b::3
> * 2001:asdc::bcdeee:1234::asbe:1234:8766:acdedev:cder results in
> 2001:adc:deee:1234:abe:1234:8766:dede
> * abnb.asdflkh/adujbghas:8hnvbgt:fhgasd-asdk7654 results in adba:8b:7654::
> * abnsdggtf-asdjhgasd.asdztzgbbjg686asdfadf544f results in 544f::
> * zzzzzzzzzzzzzzzzzzzzzzzzz results in ::

For such malformed addresses, we must either flag up an error or at least stop
the dissection at that point.

I worked on your patch a bit, please see my attachment.

- changed rfc2428_ipstr_to_ipv4() and rfc2428_ipstr_to_ipv6() to return a
gboolean indicating success or failure

for ipv6, a valid character must be : or a hex digit, otherwise the address is
invalid

- the ip address that you enter into the tree as part of epsv does not come
from the message you're dissecting, use PROTO_ITEM_SET_GENERATED()

The main problem that remains is that addresses like

1:2:3:4:5:6:7:::::8 are not recognized as malformed. Could you have a look?

Best regards,

   Martin

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.