Wireshark-dev: Re: [Wireshark-dev] Wireshark 1.0.7 segfault when loading PCNFSD capture

From: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxxxx>
Date: Wed, 22 Apr 2009 08:10:45 +0100
Gerald Combs wrote:

It looks like "data" in pcnfsd_decode_obscure() might be NULL or have an
invalid value. Would it be possible to open a ticket at
bugs.wireshark.org and attach your capture file? The bug and/or
attachment can be marked private if needed.

Hi Gerald,

Yes, it looks as if you are absolutely right. It seems that within the traces I captured from the client there were several transactions where the password field was empty (perhaps because they were just hitting enter at the login box when it kept failing?). The segfault occurs because pcnfsd_decode_obscure() attempts to alter the string passed to it, which fails miserably if the real string is empty and password points to a static "<EMPTY>" string instead.

The patch is simple enough that I've attached it here rather than opening a new bug on bugs.wireshark.org. Thanks for the excellent support!


ATB,

Mark.

--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
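The failure mode described above, as an added illustration that is not from the original mail or from Wireshark's packet-pcnfsd.c: a writable copy of the password is de-obscured in place, while the "<EMPTY>" placeholder is a single static object that callers recognise by address rather than by string comparison, so it is never handed to the decoder. The per-byte transform ((c ^ 0x5b) & 0x7f), the helper names select_password() and decode_password(), and the obscured sample bytes are all assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder shown when the request carried no password.  Keeping it
 * as one static object lets callers recognise it by address, which is
 * what the guard below relies on. */
static const char EMPTY_PASSWORD[] = "<EMPTY>";

/* In-place de-obscuring of the password bytes.  ASSUMPTION: the
 * per-byte transform (c ^ 0x5b) & 0x7f is a reconstruction for this
 * example, not code taken from the dissector. */
static void decode_obscure(char *data, size_t len)
{
    for (; len > 0; len--, data++)
        *data = (char)((*data ^ 0x5b) & 0x7f);
}

/* Hypothetical stand-in for the dissector's field handling: copy a
 * non-empty password into the caller's writable buffer, otherwise hand
 * back the shared placeholder.  The cast is the hazard in miniature:
 * once the placeholder travels as a plain char *, nothing in the type
 * says it is read-only, so the caller must check for it explicitly. */
static char *select_password(const char *raw, size_t len,
                             char *buf, size_t bufsz)
{
    if (len == 0 || len >= bufsz)
        return (char *)EMPTY_PASSWORD;
    memcpy(buf, raw, len);
    buf[len] = '\0';
    return buf;
}

/* Decode only when `password` is a writable copy, never the placeholder.
 * The check is by address, so it does not depend on the placeholder's
 * text and cannot misfire on a real password whose obscured bytes
 * happen to spell "<EMPTY>".  Returns 1 if decoded, 0 if skipped. */
static int decode_password(char *password)
{
    if (password == NULL || password == EMPTY_PASSWORD)
        return 0;
    decode_obscure(password, strlen(password));
    return 1;
}

/* Constructed sample: "secret" obscured byte-wise with XOR 0x5b. */
static const char OBSCURED_SECRET[] = "(>8)>/";

int main(void)
{
    char buf[64];
    char *p;

    p = select_password(OBSCURED_SECRET, strlen(OBSCURED_SECRET), buf, sizeof buf);
    printf("decoded=%d password=%s\n", decode_password(p), p);

    p = select_password("", 0, buf, sizeof buf);
    printf("decoded=%d password=%s\n", decode_password(p), p);
    return 0;
}
```

Comparing the pointer rather than the contents keeps the guard correct even if the placeholder text changes later, and it keeps the decoder's contract simple: it is only ever given memory the caller owns and may write.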
--- wireshark-1.0.7/epan/dissectors/packet-pcnfsd.c	2009-04-09 00:32:49.000000000 +0100
+++ wireshark-1.0.7.mod/epan/dissectors/packet-pcnfsd.c	2009-04-22 08:00:16.000000000 +0100
@@ -238,7 +238,10 @@
 	}
 
 	if (password) {
-		pcnfsd_decode_obscure(password, strlen(password));
+		/* Only attempt to decode the password if it has been specified */
+		if (strcmp(password, "<EMPTY>"))	
+			pcnfsd_decode_obscure(password, strlen(password));
+
 		if (password_tree)
 			proto_tree_add_string(password_tree,
 				hf_pcnfsd_auth_password_clear,
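Review bot: the new guard inside the `if (password)` block detects the placeholder by content, `if (strcmp(password, "<EMPTY>"))`, whereas the crash described in the covering mail comes from `password` pointing at a static string that pcnfsd_decode_obscure() then writes to in place. A value comparison ties this hunk to the exact literal used wherever the placeholder is assigned, and it would also skip decoding of a genuine password whose obscured bytes happen to read `<EMPTY>`. Prefer making the placeholder a single static object and testing the pointer (`if (password != empty_password)`), or calling pcnfsd_decode_obscure() only on the branch that copied the bytes into a writable buffer, and say in the comment that the skip exists because the placeholder is read-only, not merely that the password "has been specified". Minor: the `if (strcmp(...))` line carries trailing whitespace.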