Bug ID |
12662
|
Summary |
Fuzzed PCAP causing segmentation fault in dissect_ldss_transfer
|
Product |
Wireshark
|
Version |
2.0.2
|
Hardware |
x86
|
OS |
Windows 7
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Created attachment 14760 [details]
Sample PCAP
Build Information:
TShark (Wireshark) 2.0.2 (SVN Rev Unknown from unknown)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with libz 1.2.8, with GLib 2.48.0, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.2, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT Kerberos, with GeoIP.
Running on Linux 4.4.0-22-generic, with locale en_GB.UTF-8, with libpcap
version
1.7.4, with libz 1.2.8, with GnuTLS 3.4.10, with Gcrypt 1.6.5.
Intel Core Processor (Haswell) (with SSE4.2)
Built using gcc 5.3.1 20160407.
--
Fuzzed PCAP causes segmentation fault on tshark 2.0.2 and a recent build from
repository ( commit 688d055acd523e645c1e87267dcf4a0a9867adbd ).
ASAN output from 'tshark -2 -V -r <pcap>':
ASAN:SIGSEGV
=================================================================
==14033==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc
0x7f7a7ba93fec bp 0x7fff425eab60 sp 0x7fff425ea200 T0)
#0 0x7f7a7ba93feb in dissect_ldss_transfer
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ldss.c:507
#1 0x7f7a7b3ac92e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#2 0x7f7a7b3ac92e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#3 0x7f7a7b38e764 in try_conversation_dissector
/workarea/fuzz/victimlibs2/wireshark/epan/conversation.c:1323
#4 0x7f7a7bef5025 in decode_tcp_ports
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-tcp.c:4994
#5 0x7f7a7bef5934 in process_tcp_payload
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-tcp.c:5098
#6 0x7f7a7bef63d0 in dissect_tcp_payload
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-tcp.c:5179
#7 0x7f7a7befaa60 in dissect_tcp
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-tcp.c:6036
#8 0x7f7a7b3ac92e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#9 0x7f7a7b3ac92e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#10 0x7f7a7b3ad707 in dissector_try_uint_new
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1187
#11 0x7f7a7b9b5ec3 in ip_try_dissect
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ip.c:1976
#12 0x7f7a7b9b8038 in dissect_ip_v4
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ip.c:2439
#13 0x7f7a7b3ac92e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#14 0x7f7a7b3ac92e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#15 0x7f7a7b3ad707 in dissector_try_uint_new
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1187
#16 0x7f7a7b3ad7a0 in dissector_try_uint
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1213
#17 0x7f7a7b811978 in dissect_ethertype
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ethertype.c:262
#18 0x7f7a7b3ac92e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#19 0x7f7a7b3ac92e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#20 0x7f7a7b3afd41 in call_dissector_with_data
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:2792
#21 0x7f7a7b80f772 in dissect_eth_common
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-eth.c:539
#22 0x7f7a7b810822 in dissect_eth
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-eth.c:803
#23 0x7f7a7b3ac92e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#24 0x7f7a7b3ac92e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#25 0x7f7a7b3ad707 in dissector_try_uint_new
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1187
#26 0x7f7a7b85b185 in dissect_frame
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-frame.c:507
#27 0x7f7a7b3ac92e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#28 0x7f7a7b3ac92e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#29 0x7f7a7b3afd41 in call_dissector_with_data
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:2792
#30 0x7f7a7b3b0cb3 in dissect_record
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:531
#31 0x7f7a7b397f83 in epan_dissect_run_with_taps
/workarea/fuzz/victimlibs2/wireshark/epan/epan.c:378
#32 0x41129f in process_packet_second_pass
/workarea/fuzz/victimlibs2/wireshark/tshark.c:2777
#33 0x41129f in load_cap_file
/workarea/fuzz/victimlibs2/wireshark/tshark.c:3044
#34 0x41129f in main /workarea/fuzz/victimlibs2/wireshark/tshark.c:1873
#35 0x7f7a744fa82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#36 0x412608 in _start (/workarea/fuzz/bin/shark/tshark+0x412608)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ldss.c:507
dissect_ldss_transfer
==14033==ABORTING
You are receiving this mail because:
- You are watching all bug changes.