Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10263] New: NULL deref in ldss dissector

Wireshark-bugs: [Wireshark-bugs] [Bug 10263] New: NULL deref in ldss dissector

Date: Mon, 07 Jul 2014 16:33:43 +0000

Bug ID	10263
Summary	NULL deref in ldss dissector
Classification	Unclassified
Product	Wireshark
Version	Git
Hardware	All
OS	All
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Since commit 4afd70d4e46c944e5d4e9476103992e621510253, capture
2867-ldss_filtered.pcap (attachment 2867 [details]) crashes due to a null deref. See
below.

==12100==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc
0x7f99ce1e6d0a sp 0x7fffd41fc640 bp 0x7fffd41fc7c0 T0)
    #0 0x7f99ce1e6d09 in dissect_ldss_transfer
epan/dissectors/packet-ldss.c:483
    #1 0x7f99cd8e44ca in call_dissector_through_handle epan/packet.c:622
    #2 0x7f99cd8e48cf in call_dissector_work epan/packet.c:713
    #3 0x7f99cd8e9bed in call_dissector_only epan/packet.c:2284
    #4 0x7f99cd8b937b in try_conversation_dissector epan/conversation.c:1303
    #5 0x7f99ce76d484 in decode_tcp_ports epan/dissectors/packet-tcp.c:3912
    #6 0x7f99ce76dec4 in process_tcp_payload epan/dissectors/packet-tcp.c:4016
    #7 0x7f99ce765413 in desegment_tcp epan/dissectors/packet-tcp.c:1839
    #8 0x7f99ce76e473 in dissect_tcp_payload epan/dissectors/packet-tcp.c:4083
    #9 0x7f99ce776126 in dissect_tcp epan/dissectors/packet-tcp.c:4913
    #10 0x7f99cd8e450d in call_dissector_through_handle epan/packet.c:626
    #11 0x7f99cd8e48cf in call_dissector_work epan/packet.c:713
    #12 0x7f99cd8e61a3 in dissector_try_uint_new epan/packet.c:1145
    #13 0x7f99ce0c4c2f in dissect_ip epan/dissectors/packet-ip.c:2408
    #14 0x7f99cd8e450d in call_dissector_through_handle epan/packet.c:626
    #15 0x7f99cd8e48cf in call_dissector_work epan/packet.c:713
    #16 0x7f99cd8e61a3 in dissector_try_uint_new epan/packet.c:1145
    #17 0x7f99cd8e6248 in dissector_try_uint epan/packet.c:1171
    #18 0x7f99cde8ff9c in dissect_ethertype
epan/dissectors/packet-ethertype.c:303
    #19 0x7f99cd8e44ca in call_dissector_through_handle epan/packet.c:622
    #20 0x7f99cd8e48cf in call_dissector_work epan/packet.c:713
    #21 0x7f99cd8e9bed in call_dissector_only epan/packet.c:2284
    #22 0x7f99cd8e9c30 in call_dissector_with_data epan/packet.c:2297
    #23 0x7f99cde8d763 in dissect_eth_common epan/dissectors/packet-eth.c:475
    #24 0x7f99cde8ef01 in dissect_eth_maybefcs epan/dissectors/packet-eth.c:758
    #25 0x7f99cd8e450d in call_dissector_through_handle epan/packet.c:626
    #26 0x7f99cd8e48cf in call_dissector_work epan/packet.c:713
    #27 0x7f99cd8e61a3 in dissector_try_uint_new epan/packet.c:1145
    #28 0x7f99cd8e6248 in dissector_try_uint epan/packet.c:1171
    #29 0x7f99cdf03064 in dissect_frame epan/dissectors/packet-frame.c:497
    #30 0x7f99cd8e450d in call_dissector_through_handle epan/packet.c:626
    #31 0x7f99cd8e48cf in call_dissector_work epan/packet.c:713
    #32 0x7f99cd8e9bed in call_dissector_only epan/packet.c:2284
    #33 0x7f99cd8e9c30 in call_dissector_with_data epan/packet.c:2297
    #34 0x7f99cd8e9d07 in call_dissector epan/packet.c:2314
    #35 0x7f99cd8e3156 in dissect_record epan/packet.c:497
    #36 0x7f99cd8c0ac0 in epan_dissect_run_with_taps epan/epan.c:346
    #37 0x419e37 in process_packet tshark.c:3559
    #38 0x41911f in load_cap_file tshark.c:3349
    #39 0x414e25 in main tshark.c:2114
    #40 0x7f99c7e79fff in __libc_start_main (/usr/lib/libc.so.6+0x1ffff)
    #41 0x409fe8 (/tmp/wsbuild/run/tshark+0x409fe8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV epan/dissectors/packet-ldss.c:483
dissect_ldss_transfer
==12100==ABORTING


4afd70d4e46c944e5d4e9476103992e621510253 is the first bad commit
commit 4afd70d4e46c944e5d4e9476103992e621510253
Author: Evan Huus <[email protected]>
Date:   Sun Jul 6 09:21:25 2014 -0400

    Use g_hash_table_new_full to free some values

    Fixes a good 80-90KB of leaks in certain cases.

    Bug: 10261
    Change-Id: I81d57ac67219e730b03649b9fdfc2306807bdb97
    Reviewed-on: https://code.wireshark.org/review/2879
    Reviewed-by: Anders Broman <[email protected]>

:040000 040000 4c60521948aa390dca020ad7fa650ce659ecb4b1
f42d0e2989240cf19b6dba83e85b47efa47a19b1 M      epan

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10262] Update Skinny Dissection Code
Next by Date: [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
Previous by thread: [Wireshark-bugs] [Bug 10262] skinny: support ProtocolVersion 0x15, message updates
Next by thread: [Wireshark-bugs] [Bug 10263] NULL deref in ldss dissector
Index(es):
- Date
- Thread