Wireshark-bugs: [Wireshark-bugs] [Bug 8264] New: USB: configuration descriptors marked as malfor

Date: Sun, 27 Jan 2013 17:46:45 +0000
Bug ID 8264
Summary USB: configuration descriptors marked as malformed when they're just truncated
Classification Unclassified
Product Wireshark
Version SVN
Hardware x86
OS All
Status UNCONFIRMED
Severity Minor
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 9879 [details]
Patch - implementation

Build Information:
wireshark 1.9.0 (SVN Rev 47317 from /trunk)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.13, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.4, with libpcap, with libz 1.2.5, with POSIX capabilities (Linux),
without libnl, with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.1, without Python,
with GnuTLS 2.12.20, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Jan 15 2012 21:55:34), with AirPcap.

Running on Linux 3.6.11-5.fc17.x86_64, with locale en_US.utf8, with libpcap
version 1.2.1, with libz 1.2.5, GnuTLS 2.12.20, Gcrypt 1.5.0, without AirPcap.

Built using gcc 4.7.2 20120921 (Red Hat 4.7.2-2).

--
Improve handling of truncated USB Configuration descriptors.

In contrast to other descriptor types, configuration descriptors have varying
lengths and may be quite long. This makes them much more prone to truncation
by a host that is cautious about reading large descriptors.

A real-world case has arisen where a host requests a partial configuration
descriptor of a USB webcam, and wireshark improperly reports that the response
is malformed.

Change configuration descriptor dissection to distinguish between truncation
induced by the host, which is not an error, and descriptor truncation or
reporting of invalid descriptor lengths by the device, which are.

This patch also relieves class-specific dissectors of the burden of checking
that the descriptor length and type fields are available, and that all the
bytes claimed by the descriptor length are also available.


You are receiving this mail because:
  • You are watching all bug changes.