Wireshark-dev: Re: [Wireshark-dev] Crash in dissect_smb2_command

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Mon, 26 Sep 2016 09:53:25 -0400


On Sun, Sep 25, 2016 at 12:47 PM, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote:

Hi,


Between 2.2 and the latest git a change seems to have been made to dissect_smb2_getinfo_request().  It now returns an integer based on the difference between two dissected values:


               offset = getinfo_offset + getinfo_size;


               return offset;


Unfortunately getinfo_offset and getinfo_size are sometimes zero and so a zero offset is returned.  On return to dissect_smb2_command there’s some fiddling around until we get to:


               proto_item_set_len(cmd_item, offset-old_offset);


The calculation of offset-old_offset yields a negative number which is passed to proto_item_set_len as a length parameter.  In proto_item_set_len we have:


               DISSECTOR_ASSERT(length >= 0);


Obviously this causes an exception.


Do I just feed this back as commentary on the Patch Set or should I raise a bug? 


Either one works but if you do the former you should be prepared to remember the comment and raise a bug if you don't get a response.

If the former, can you point me to the change because I can’t seem to find it?


"git log -p" is your friend for this kind of thing (or "git blame"):
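A constructed model of the offset arithmetic discussed in this thread, added here as an illustration and not taken from Wireshark's source: it shows the negative length that reaches proto_item_set_len when getinfo_offset and getinfo_size are both zero, and a guarded variant that never reports an end offset earlier than the bytes already consumed. The 40-byte fixed part and all offsets and sizes are assumed values, and proto_item_set_len's DISSECTOR_ASSERT is modelled as a plain sign check.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed length of the fixed part of the GETINFO request in this model. */
#define GETINFO_FIXED_LEN 40

/* Mirrors the arithmetic quoted in the thread:
 *     offset = getinfo_offset + getinfo_size;  return offset;
 * With both fields zero this returns 0 regardless of where parsing started. */
static int end_offset_unchecked(int start_offset, uint16_t getinfo_offset, uint32_t getinfo_size)
{
    (void)start_offset;
    return (int)(getinfo_offset + getinfo_size);
}

/* Guarded version: the end offset can never fall behind the bytes already
 * consumed, so offset - old_offset in the caller stays >= 0. */
static int end_offset_guarded(int start_offset, uint16_t getinfo_offset, uint32_t getinfo_size)
{
    int consumed = start_offset + GETINFO_FIXED_LEN;
    int64_t end;

    /* No input buffer present: the command is just its fixed part. */
    if (getinfo_offset == 0 || getinfo_size == 0)
        return consumed;

    end = (int64_t)getinfo_offset + (int64_t)getinfo_size; /* 64-bit: no wrap */
    if (end < consumed || end > INT32_MAX)
        return consumed; /* malformed offset/size pair: do not trust it */
    return (int)end;
}

/* The value the caller hands to proto_item_set_len as cmd_item's length. */
static int item_len(int (*end_fn)(int, uint16_t, uint32_t),
                    int old_offset, uint16_t getinfo_offset, uint32_t getinfo_size)
{
    return end_fn(old_offset, getinfo_offset, getinfo_size) - old_offset;
}

int main(void)
{
    /* Constructed case: command body starts at 64, both getinfo fields zero. */
    printf("unchecked length: %d\n", item_len(end_offset_unchecked, 64, 0, 0)); /* -64 */
    printf("guarded length:   %d\n", item_len(end_offset_guarded, 64, 0, 0));   /* 40 */
    return 0;
}
```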