Bug ID: 9849
Summary: telephony->sctp->Analyse this association crashes Wireshark on manufactured SCTP packet
Classification: Unclassified
Product: Wireshark
Version: 1.11.x (Experimental)
Hardware: x86
OS: All
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Created attachment 12610
Single packet causing the crash

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
When creating a pcap file from a log file using text2pcap, some malformed
packets were created; those may crash Wireshark. Including a single packet
that will cause the crash. The cause is that
    struct _sctp_info {
        gboolean incomplete;
        gboolean adler32_calculated;
        gboolean adler32_correct;
        gboolean crc32c_calculated;
        gboolean crc32c_correct;
        gboolean checksum_zero;
        gboolean vtag_reflected;
        guint16 sport;
        guint16 dport;
        address ip_src;
        address ip_dst;
        guint32 verification_tag;
        guint16 assoc_index;
        guint16 direction;
        guint32 number_of_tvbs;   /* <--- = 0 */
        tvbuff_t *tvb[MAXIMUM_NUMBER_OF_TVBS];
    };
This will cause a crash in tap-sctp-analysis.c at line 393:
    if (tvb_get_guint8(sctp_info->tvb[0],0) == SCTP_INIT_CHUNK_ID)
I'm not sure if a protection should be inserted in packet-sctp.c at
    dissect_sctp_packet(tvb, pinfo, tree, FALSE);
    if (!pinfo->flags.in_error_pkt)
        tap_queue_packet(sctp_tap, pinfo, &sctp_info);
checking for number_of_tvbs, or if something else should be done.
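
Added example (not part of the original report and not Wireshark code): a self-contained C model of the guard discussed above, checking number_of_tvbs both before a packet is queued to the tap and before the tap reads tvb[0]. The model_* types, the function names and the value of MAXIMUM_NUMBER_OF_TVBS are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAXIMUM_NUMBER_OF_TVBS 4   /* constructed value for this model */
#define SCTP_INIT_CHUNK_ID     1   /* INIT chunk type, RFC 4960 */

/* Hypothetical stand-in for tvbuff_t: a byte buffer with a length. */
typedef struct { const uint8_t *data; size_t len; } model_tvb;

/* Only the fields of _sctp_info that matter for the crash. */
typedef struct {
    uint32_t   number_of_tvbs;
    model_tvb *tvb[MAXIMUM_NUMBER_OF_TVBS];
} model_sctp_info;

enum first_chunk { CHUNK_NONE = -1, CHUNK_OTHER = 0, CHUNK_INIT = 1 };

/* Consumer-side guard: classify the first chunk without trusting the
 * producer to have filled tvb[0]. */
enum first_chunk classify_first_chunk(const model_sctp_info *info)
{
    if (info == NULL || info->number_of_tvbs == 0 ||
        info->number_of_tvbs > MAXIMUM_NUMBER_OF_TVBS)
        return CHUNK_NONE;            /* nothing valid to index */
    const model_tvb *first = info->tvb[0];
    if (first == NULL || first->data == NULL || first->len < 1)
        return CHUNK_NONE;            /* empty slot or zero-length chunk */
    return first->data[0] == SCTP_INIT_CHUNK_ID ? CHUNK_INIT : CHUNK_OTHER;
}

/* Producer-side guard: extends the in_error_pkt test quoted in the
 * report so that a packet with no chunk tvbs never reaches the tap. */
int should_queue_for_tap(const model_sctp_info *info, int in_error_pkt)
{
    return !in_error_pkt && info->number_of_tvbs > 0;
}

/* Constructed sample data: an INIT chunk header and the empty state. */
static const uint8_t sample_init_chunk[] = { 0x01, 0x00, 0x00, 0x14 };
static model_tvb sample_tvb = { sample_init_chunk, sizeof sample_init_chunk };
static model_sctp_info sample_ok = { 1, { &sample_tvb } };
static model_sctp_info sample_empty = { 0, { NULL } }; /* state from the report */

int main(void)
{
    return (classify_first_chunk(&sample_ok) == CHUNK_INIT &&
            classify_first_chunk(&sample_empty) == CHUNK_NONE) ? 0 : 1;
}
```

Guarding on the consumer side as well keeps the tap safe even if another code path queues a structure with number_of_tvbs set to 0.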