Bug ID | 12742
Summary | Possible Null Pointer Dereference in packet-ntlmssp.c
Product | Wireshark
Version | 2.0.5
Hardware | x86
OS | Fedora
Status | UNCONFIRMED
Severity | Trivial
Priority | Low
Component | Dissection engine (libwireshark)
Assignee | [email protected]
Reporter | [email protected]

Build Information:
Wireshark 2.0.5 (Git Rev Unknown from unknown)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 4.8.7, with libpcap, without POSIX capabilities,
without libnl, with libz 1.2.8, with GLib 2.48.1, without SMI, without c-ares,
without ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos,
without GeoIP, with QtMultimedia, without AirPcap.
Running on Linux 4.6.5-300.fc24.x86_64, with locale en_US.UTF-8, with libpcap
version 1.7.4, with libz 1.2.8.
Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz (with SSE4.2)
Built using gcc 6.1.1 20160510 (Red Hat 6.1.1-2).
--
I ran static code analysis (Cppcheck) on the codebase, and there is a null
pointer dereference for pass_list found in
epan/dissectors/packet-ntlmssp.c:583. An examination of the code shows that
*pass_list is initialized to NULL upon declaration, and is dereferenced in line
583 with pass_list[i].md4. Now pass_list will get populated in line 553 with
the get_md4pass_list function, but this code is only called if
HAVE_HEIMDAL_KERBEROS or HAVE_MIT_KERBEROS are defined. A recursive search
revealed that they do get #defined in the configure script, but there is an
underlying assumption that these #defines will exist. At the very least, line
583 should have the same #if defined(HAVE_HEIMDAL_KERBEROS) ||
defined(HAVE_MIT_KERBEROS) statement surrounding it.
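
The pattern the report describes, as an added example that is not Wireshark's code: a list pointer that starts as NULL, is filled only behind a feature #if, and is then indexed. FEATURE_KEYTAB, md4_pass_t, load_pass_list, match_pass and find_pass are hypothetical names, and checking both the pointer and the count before indexing is one way to keep the consumer safe in either build.

```c
#include <stddef.h>
#include <string.h>

#define KEY_LEN 16                      /* constructed key size */

/* Hypothetical stand-in for a list entry holding an MD4 hash. */
typedef struct { unsigned char md4[KEY_LEN]; } md4_pass_t;

#ifdef FEATURE_KEYTAB
/* Hypothetical loader, compiled only when the feature macro is defined,
 * mirroring a list that is filled behind a Kerberos #if. */
static md4_pass_t stored[2] = { {{0x11}}, {{0x22}} };   /* constructed data */
static size_t load_pass_list(md4_pass_t **out) { *out = stored; return 2; }
#endif

/* Returns the index of the entry equal to `wanted`, or -1 if none.
 * Safe for a NULL list, a zero count, or a count that disagrees with
 * a NULL list. */
int match_pass(const md4_pass_t *pass_list, size_t nb_pass,
               const unsigned char *wanted)
{
    size_t i;

    /* Guard: never index the list unless it was actually populated. */
    if (pass_list == NULL || nb_pass == 0)
        return -1;

    for (i = 0; i < nb_pass; i++) {
        if (memcmp(pass_list[i].md4, wanted, KEY_LEN) == 0)
            return (int)i;
    }
    return -1;
}

int find_pass(const unsigned char *wanted)
{
    md4_pass_t *pass_list = NULL;   /* stays NULL when the feature is off */
    size_t nb_pass = 0;             /* stays 0 when the feature is off */

#ifdef FEATURE_KEYTAB
    nb_pass = load_pass_list(&pass_list);
#endif

    return match_pass(pass_list, nb_pass, wanted);
}
```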