https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7729
--- Comment #12 from Martin Kaiser <wireshark@xxxxxxxxx> 2012-09-23 11:18:01 PDT ---
Hi Alex,
the last version looks much better and doesn't crash on my system either.
Unfortunately, I still think we need to fix some things.
(In reply to comment #11)
> The reason for the crash was that the IPv6 address had 8 words filled but a ::
> also. The code to fill the gap when :: was detected wasn't properly secured.
>
> I inserted now quite a number of security checks that the code should now be
> stable.
>
> I checked then code by intentionnally malform the IP address.
> The following malformed IPv6 addresses have been tested:
>
> * 2001:abd:asdfgh:2 results in 2001:abd:adf:2::
> * 2001::12234b::3 results in 2001:234b::3
> * 2001:asdc::bcdeee:1234::asbe:1234:8766:acdedev:cder results in
> 2001:adc:deee:1234:abe:1234:8766:dede
> * abnb.asdflkh/adujbghas:8hnvbgt:fhgasd-asdk7654 results in adba:8b:7654::
> * abnsdggtf-asdjhgasd.asdztzgbbjg686asdfadf544f results in 544f::
> * zzzzzzzzzzzzzzzzzzzzzzzzz results in ::
For such malformed addresses, we must either flag up an error or at least stop
the dissection at that point.
I worked on your patch a bit, please see my attachment.
- changed rfc2428_ipstr_to_ipv4() and rfc2428_ipstr_to_ipv6() to return a
gboolean indicating success or failure
for ipv6, a valid character must be : or a hex digit, otherwise the address is
invalid
- the ip address that you enter into the tree as part of epsv does not come
from the message you're dissecting, use PROTO_ITEM_SET_GENERATED()
The main problem that remains is that addresses like
1:2:3:4:5:6:7:::::8 are not recognized as malformed. Could you have a look?
Best regards,
Martin
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.