Bug ID | 13050
Summary | [AMQP 1.0] Dissector fails to handle frames with length > 64Kb
Product | Wireshark
Version | 2.2.1
Hardware | x86-64
OS | All
Status | UNCONFIRMED
Severity | Major
Priority | Low
Component | Dissection engine (libwireshark)
Assignee | [email protected]
Reporter | [email protected]
|
Build Information:
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.2.1 (Git Rev Unknown from unknown)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.46.2, with zlib 1.2.7, with SMI 0.4.8, with c-ares 1.10.0, without Lua,
with GnuTLS 3.3.24, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP.
Running on Linux 3.10.0-511.el7.x86_64, with locale en_US.UTF-8, with libpcap
version 1.5.3, with GnuTLS 3.3.24, with Gcrypt 1.5.3, with zlib 1.2.7.
Dual-Core AMD Opteron(tm) Processor 2216
Built using gcc 4.8.5 20150623 (Red Hat 4.8.5-11).
--
In packet-amqp.c frame lengths are deliberately truncated. This is an error as
frame length is an unsigned 32-bit quantity. The offending code is at line
7383:
    /* XXX: The original code used only the low-order 16 bits of the 32 bit length
     * field from the PDU as the length to dissect */
    {
        guint length32;
        length32 = tvb_get_ntohl(tvb, 0);
        length = (length32 < 0x10000U) ? length32 : 0xFFFFU;
        if (length32 > length) {
            expert_add_info(pinfo, ti,
                            &ei_amqp_amqp_1_0_frame_length_exceeds_65K);
        }
    }
The fix is to just use length32 as-is. There are some ripple effects as the
16-bit length is passed to many other functions.
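The effect of the clamp described in the report, as an added example (not Wireshark's code and not the reporter's): a simplified model of length-driven frame splitting run over a constructed two-frame stream. `count_frames`, `build_sample` and the sample sizes are assumptions made for illustration; the header layout used (a 32-bit SIZE that counts the 8-byte header, followed by DOFF) is the AMQP 1.0 frame header.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Big-endian 32-bit SIZE field that opens every AMQP 1.0 frame header. */
static uint32_t frame_size(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
/* Length as the quoted code computes it: clamped to 16 bits. */
static uint32_t len_clamped(const uint8_t *p) {
    uint32_t length32 = frame_size(p);
    return (length32 < 0x10000U) ? length32 : 0xFFFFU;
}
/* Length as the report proposes: the 32-bit field used as-is. */
static uint32_t len_full(const uint8_t *p) { return frame_size(p); }
/* Hypothetical stream walker: frames found, or -1 when a boundary is not a header. */
static int count_frames(const uint8_t *buf, size_t n,
                        uint32_t (*pdu_len)(const uint8_t *)) {
    size_t off = 0;
    int frames = 0;
    for (; off < n; frames++) {
        if (n - off < 8) return -1;              /* truncated header */
        uint32_t len = pdu_len(buf + off);
        if (len < 8 || len > n - off) return -1; /* SIZE counts the header */
        off += len;
    }
    return frames;
}
/* Constructed sample: a 70000-byte frame then a 16-byte frame; caller frees. */
static uint8_t *build_sample(size_t *n) {
    const uint32_t sizes[2] = { 70000U, 16U };
    uint8_t *buf = calloc(sizes[0] + sizes[1], 1), *p = buf;
    if (!buf) return NULL;
    for (int i = 0; i < 2; p += sizes[i], i++) {
        p[0] = (uint8_t)(sizes[i] >> 24); p[1] = (uint8_t)(sizes[i] >> 16);
        p[2] = (uint8_t)(sizes[i] >> 8);  p[3] = (uint8_t)sizes[i];
        p[4] = 2;                        /* DOFF: body starts at byte 8 */
    }
    *n = sizes[0] + sizes[1];
    return buf;
}
int main(void) {
    size_t n;
    uint8_t *buf = build_sample(&n);
    if (!buf) return 1;
    printf("clamped=%d full=%d\n", count_frames(buf, n, len_clamped),
           count_frames(buf, n, len_full));
    free(buf);
    return 0;
}
```

With the clamp, the walker treats byte 65535 of the first frame's body as the next header and loses framing for the rest of the stream; with the full 32-bit length both frames are found.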