Wireshark-dev: [Wireshark-dev] Crash in dissect_smb2_command

From: Paul Offord <Paul.Offord@xxxxxxxxxxxx>
Date: Sun, 25 Sep 2016 16:47:09 +0000

Hi,

 

Between 2.2 and the latest git a change seems to have been made to dissect_smb2_getinfo_request().  It now returns an integer based on the difference between two dissected values:

 

               offset = getinfo_offset + getinfo_size;

 

               return offset;

 

Unfortunately getinfo_offset and getinfo_size are sometimes zero and so a zero offset is returned.  On return to dissect_smb2_command there’s some fiddling around until we get to:

 

               proto_item_set_len(cmd_item, offset-old_offset);

 

The calculation of offset-old_offset yields a negative number which is passed to proto_item_set_len as a length parameter.  In proto_item_set_len we have:

 

               DISSECTOR_ASSERT(length >= 0);

 

Obviously this causes an exception.

 

Do I just feed this back as commentary on the Patch Set or should I raise a bug?  If the former, can you point me to the change because I can’t seem to find it?

 

Thanks and regards…Paul

 


______________________________________________________________________

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.

Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________