URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3ce60ed112cfaac7483c22d182a165bbd22cb7de
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
3ce60ed by Peter Wu (peter@xxxxxxxxxxxxx):
dtls: do not try to add a zero-length fragment

fragment_add does not like adding zero-length fragments, it causes a
zero-length memcpy to NULL.

According to RFC 6347, fragment_offset=0 and fragment_length=length is
an unfragmented message, so fragment>0 and fragment_length=length=0 is a
fragmented message.

An empty fragment does not extend a previous message, so ignore it.
Such fragments are produced by at least GnuTLS 3.3.7[1], so raise a
warning instead of an error.

Caught by ubsan:

    epan/tvbuff.c:783:10: runtime error: null pointer passed as argument 1, which is declared to never be null
        #0 0x7f5319f6ed64 in tvb_memcpy epan/tvbuff.c:783
        ...
        #13 0x7f5319f27e2b in fragment_add epan/reassemble.c:1394
        #14 0x7f531a5c70a4 in dissect_dtls_handshake epan/dissectors/packet-dtls.c:1257

[1]: http://comments.gmane.org/gmane.network.gnutls.general/3582

Change-Id: I70bf16d2fb64793d0deaabe612147e238b743b2e
Ping-Bug: 11358
Reviewed-on: https://code.wireshark.org/review/9689
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 3703b4e Fix ip_try_dissect() boolean return
adds 3ce60ed dtls: do not try to add a zero-length fragment
Summary of changes:
epan/dissectors/packet-dtls.c | 10 ++++++++++
1 file changed, 10 insertions(+)
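
The fragment handling described in the commit message above, as an added example that is not part of the commit or of Wireshark's code: it classifies a DTLS handshake header (RFC 6347, section 4.2.2) and reaches memcpy only when there are bytes to copy. The names classify_fragment, add_fragment and hs_action are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DTLS handshake header, RFC 6347 section 4.2.2:
 * msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3) */
#define HS_HDR_LEN 12
enum hs_action { HS_MALFORMED, HS_UNFRAGMENTED, HS_IGNORE_EMPTY, HS_REASSEMBLE };

static uint32_t be24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Hypothetical helper (not Wireshark's code): decide what to do with one fragment. */
enum hs_action classify_fragment(const uint8_t *rec, size_t rec_len,
                                 uint32_t *off, uint32_t *frag_len) {
    if (rec == NULL || rec_len < HS_HDR_LEN) return HS_MALFORMED;
    uint32_t length = be24(rec + 1);
    *off = be24(rec + 6);
    *frag_len = be24(rec + 9);
    if (*frag_len > rec_len - HS_HDR_LEN) return HS_MALFORMED;  /* body truncated */
    if (*off == 0 && *frag_len == length) return HS_UNFRAGMENTED;
    if (*frag_len == 0) return HS_IGNORE_EMPTY;  /* carries no bytes: warn, skip */
    if (*off > length || *frag_len > length - *off) return HS_MALFORMED;
    return HS_REASSEMBLE;
}

/* Copy fragment bytes into a reassembly buffer; memcpy is only reached with len > 0. */
enum hs_action add_fragment(uint8_t *msg, size_t msg_cap,
                            const uint8_t *rec, size_t rec_len) {
    uint32_t off = 0, len = 0;
    enum hs_action a = classify_fragment(rec, rec_len, &off, &len);
    if (len > 0 && (a == HS_REASSEMBLE || a == HS_UNFRAGMENTED)) {
        if (msg == NULL || (size_t)off + len > msg_cap) return HS_MALFORMED;
        memcpy(msg + off, rec + HS_HDR_LEN, len);
    }
    return a;
}

int main(void) {
    /* Constructed sample: length=0, fragment_offset=4, fragment_length=0. */
    const uint8_t empty[HS_HDR_LEN] = {11, 0,0,0, 0,1, 0,0,4, 0,0,0};
    printf("%d\n", (int)add_fragment(NULL, 0, empty, sizeof empty)); /* 2 = HS_IGNORE_EMPTY */
    return 0;
}
```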