Wireshark-bugs: [Wireshark-bugs] [Bug 11790] Wireshark stack-based buffer overflow in AirPDcapPa

Date: Fri, 27 Nov 2015 23:12:10 +0000

changed bug 11790


What Removed Added
Priority Low High
Status UNCONFIRMED CONFIRMED
Ever confirmed   1

Comment # 4 on bug 11790 from
Can confirm that this is a real issue. Affects at least Wireshark master and
2.0.0. 1.12.8 somehow did not crash on the capture.

Workaround: disable 802.11 decryption:

 tshark -r 1.pcap -o wlan.enable_decryption:0

--
ASAN backtrace for v2.0.0-69-g6793a03 is slightly different, possibly because
master has v2.1.0rc0-460-gcb3dd95:

==23836==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffffff1ed0 at pc 0x555555698f45 bp 0x7ffffffefaf0 sp 0x7ffffffef2a0
WRITE of size 43264 at 0x7fffffff1ed0 thread T0
    #0 0x555555698f44 in __asan_memcpy
(/tmp/wireshark-1.12/build-2.0/run/tshark+0x144f44)
    #1 0x7fffea9dbb5e in AirPDcapPacketProcess epan/crypt/airpdcap.c:708:13
    #2 0x7fffebace4a0 in try_decrypt epan/dissectors/packet-ieee80211.c:18744:7
    #3 0x7fffebac6e52 in dissect_ieee80211_common
epan/dissectors/packet-ieee80211.c:17857:16
    #4 0x7fffeba94fe5 in dissect_ieee80211
epan/dissectors/packet-ieee80211.c:18358:10

As far as I can see, the bug reaches far back. Maybe there is a way to trigger
the issue in other versions, but I did not check.


You are receiving this mail because:
  • You are watching all bug changes.