| Bug ID |
8735
|
| Summary |
USB CCID dissector "runs off the rails" when trying to dissect non-existent RDR_to_PC_DataBlock payloads
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
SVN
|
| Hardware |
All
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Minor
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 10866 [details]
A patch that checks to see if usbccid.dwLength == 0, before trying to dissect
non-existent RDR_to_PC_DataBlock payloads
Build Information:
wireshark 1.11.0 (SVN Rev 49595 from /trunk)
Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.24.13, with Cairo 1.12.2, with Pango 1.30.1, with
GLib 2.34.1, with libpcap, with libz 1.2.7, without POSIX capabilities, with
libnl 1, without SMI, without c-ares, without ADNS, without Lua, without
Python,
without GnuTLS, with Gcrypt 1.5.0, without Kerberos, without GeoIP, without
PortAudio, without AirPcap.
Running on Linux 3.5.0-28-generic, with locale ja_JP.UTF-8, with libpcap
version
1.5.0-PRE-GIT_2013_04_17, with libz 1.2.7, Gcrypt 1.5.0.
Built using gcc 4.7.2.
--
It appears that when a USB CCID subdissector (in this case, ISO 7816) is
enabled, and usbccid.dwLength == 0 for RDR_to_PC_DataBlock packets, a pointless
attempt at dissecting a non-existent payload is made, and the packet is
(incorrectly?) marked as "malformed".
The attached patch should remedy this issue.
You are receiving this mail because:
- You are watching all bug changes.