Wireshark · Wireshark-dev: Re: [Wireshark-dev] OpcUa update

Wireshark-dev: Re: [Wireshark-dev] OpcUa update

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Sat, 05 May 2007 13:22:51 +0200

Gerhard Gappmeier wrote:

Hi Ulf,

here is an updated version of the OpcUa dissector with a changed
security layer.
I also attached a new capture file with more traffic for the regression
test.

Hi Gerhard!

Sorry for the delay!

I've had a look at your dissector now and unfortunately it lacks therequired robustness.

A fuzzed Sample.cap file (attached) crashed TShark and took a *very*long time (2 mins) to load in WS.



Some points that I've seen immediately:

- you *must* end *every* value_string you use by a an ending sequence {0, NULL }, otherwise unexpected values coming from the network willresult in an access violation, as the corresponding access functionswill run into the wrong memory areas- e.g. opcua.c / g_szMessageTypes unnecessarily re-implements avalue_string - this bloats code size and complexity

Please have a look at http://wiki.wireshark.org/FuzzTesting to do somemore regression tests on your own ...


Regards, ULFL

Attachment: editcap.out.1178362914
Description: Binary data

Follow-Ups:
- Re: [Wireshark-dev] OpcUa update
  - From: Gerhard Gappmeier

Prev by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 21669: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-dcerpc-winreg.c /trunk/epan/dissectors/pidl/: winreg.cnf
Next by Date: Re: [Wireshark-dev] sniffing a device with wireshark on linux
Previous by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 21669: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-dcerpc-winreg.c /trunk/epan/dissectors/pidl/: winreg.cnf
Next by thread: Re: [Wireshark-dev] OpcUa update
Index(es):
- Date
- Thread