Bug ID |
12665
|
Summary |
Fuzzed PCAP causing segmentation fault in ssl_decrypt_record
|
Product |
Wireshark
|
Version |
Git
|
Hardware |
x86
|
OS |
Ubuntu
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Created attachment 14763 [details]
Sample PCAP
Build Information:
commit 688d055acd523e645c1e87267dcf4a0a9867adbd
Author: Martin Kaiser <[email protected]>
Date: Sun Jul 24 18:43:14 2016 +0200
--
Fuzzed PCAP causes segmentation fault on a recent build from repository.
ASAN output from 'tshark -2 -V -r <pcap>':
ASAN:SIGSEGV
=================================================================
==22261==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000004f (pc
0x7f9c60be7b80 bp 0x61d00015411a sp 0x7ffdb87c5688 T0)
#0 0x7f9c60be7b7f (/lib/x86_64-linux-gnu/libgcrypt.so.20+0x14b7f)
#1 0x7f9c60bdc9c5 in gcry_cipher_setiv
(/lib/x86_64-linux-gnu/libgcrypt.so.20+0x99c5)
#2 0x7f9c68eb48d2 in ssl_decrypt_record
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ssl-utils.c:3505
#3 0x7f9c687b54ab in decrypt_dtls_record
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-dtls.c:597
#4 0x7f9c687b6c6c in dissect_dtls_record
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-dtls.c:805
#5 0x7f9c687b7bdb in dissect_dtls
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-dtls.c:428
#6 0x7f9c683a492e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#7 0x7f9c683a492e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#8 0x7f9c683a7d41 in call_dissector_with_data
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:2792
#9 0x7f9c686409a3 in dissect_capwap_control
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-capwap.c:3237
#10 0x7f9c683a492e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#11 0x7f9c683a492e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#12 0x7f9c683a5707 in dissector_try_uint_new
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1187
#13 0x7f9c683a57a0 in dissector_try_uint
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1213
#14 0x7f9c68f4046e in decode_udp_ports
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-udp.c:578
#15 0x7f9c68f41936 in dissect
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-udp.c:1028
#16 0x7f9c68f42aad in dissect_udp
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-udp.c:1034
#17 0x7f9c683a492e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#18 0x7f9c683a492e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#19 0x7f9c683a5707 in dissector_try_uint_new
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1187
#20 0x7f9c689adec3 in ip_try_dissect
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ip.c:1976
#21 0x7f9c689b0038 in dissect_ip_v4
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ip.c:2439
#22 0x7f9c683a492e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#23 0x7f9c683a492e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#24 0x7f9c683a5707 in dissector_try_uint_new
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1187
#25 0x7f9c683a57a0 in dissector_try_uint
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1213
#26 0x7f9c68809978 in dissect_ethertype
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-ethertype.c:262
#27 0x7f9c683a492e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#28 0x7f9c683a492e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#29 0x7f9c683a7d41 in call_dissector_with_data
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:2792
#30 0x7f9c68807772 in dissect_eth_common
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-eth.c:539
#31 0x7f9c68808822 in dissect_eth
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-eth.c:803
#32 0x7f9c683a492e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#33 0x7f9c683a492e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#34 0x7f9c683a5707 in dissector_try_uint_new
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:1187
#35 0x7f9c68853185 in dissect_frame
/workarea/fuzz/victimlibs2/wireshark/epan/dissectors/packet-frame.c:507
#36 0x7f9c683a492e in call_dissector_through_handle
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:648
#37 0x7f9c683a492e in call_dissector_work
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:723
#38 0x7f9c683a7d41 in call_dissector_with_data
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:2792
#39 0x7f9c683a8cb3 in dissect_record
/workarea/fuzz/victimlibs2/wireshark/epan/packet.c:531
#40 0x7f9c6838ff2b in epan_dissect_run
/workarea/fuzz/victimlibs2/wireshark/epan/epan.c:365
#41 0x410ea3 in process_packet_first_pass
/workarea/fuzz/victimlibs2/wireshark/tshark.c:2694
#42 0x410ea3 in load_cap_file
/workarea/fuzz/victimlibs2/wireshark/tshark.c:2987
#43 0x410ea3 in main /workarea/fuzz/victimlibs2/wireshark/tshark.c:1873
#44 0x7f9c614f282f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#45 0x412608 in _start (/workarea/fuzz/bin/shark/tshark+0x412608)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==22261==ABORTING
You are receiving this mail because:
- You are watching all bug changes.