On Fri, Mar 08, 2002 at 09:32:16AM +0100, Pierre-Yves Bonnetain wrote:
> Still playing with Ethereal on my data, which today comes from a
> test network where I am playing with some attack tools. And lo, ethereal
> core dumps again.
>
> [bonnetain@maquette]$ tethereal -v
> tethereal 0.8.20, with GLib 1.2.6, with libpcap 0.6, with libz 1.1.3,
> with CMU SNMP V1.14, Shared (1:14:0)
What does Ethereal or Tethereal 0.9.2 do? I tried 0.9.2 (well,
actually, the current CVS version) on your capture, and it reported
the second frame as being a "[Malformed Packet: SNMP]", probably
because...
> This seems to come from :
>
> (gdb) list asn1_oid_value_decode
> 789 int
> 790 asn1_oid_value_decode ( ASN1_SCK *asn1, int enc_len, subid_t
> **oid, guint *len)
> 791 {
> 792 int ret;
> 793 int eoc;
> 794 subid_t subid;
> 795 guint size;
> (gdb)
> 796 subid_t *optr;
> 797
> 798 eoc = asn1->offset + enc_len;
> 799 size = enc_len + 1;
> 800 *oid = g_malloc(size * sizeof(gulong));
> 801 optr = *oid;
>
> Where I have, surprise surprise...
>
> (gdb) print size
> $5 = 2147483648
...we now handle that case, in 0.9.2. (We test whether we can fetch
the last byte of the OID, as indicated by "enc_len", before we even
bother mallocating a buffer for it; if "enc_len" is bogusly large, that
test will fail, and we'll just report it as a malformed packet.)
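The check described in that last paragraph, as an added illustration that is not Ethereal's code: a small BER OBJECT IDENTIFIER content decoder in the shape of the quoted asn1_oid_value_decode, which verifies that the last byte named by enc_len is actually inside the buffer before any allocation sized from it. The ASN1_SCK-like struct, the status codes, the 1.3.6.1.4.1.2021 sample bytes and the demo_* wrappers are all constructed for this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Decoder state in the shape of the ASN1_SCK fields used above: a buffer of
   known length and the current read offset. Hypothetical, not Ethereal's. */
typedef struct {
    const uint8_t *buf;
    size_t len;     /* total bytes in buf */
    size_t offset;  /* next byte to read; invariant: offset <= len */
} oid_sck_t;

typedef uint32_t subid_t;

enum { OID_OK = 0, OID_ERR_TRUNCATED, OID_ERR_EMPTY, OID_ERR_OVERFLOW, OID_ERR_NOMEM };

int oid_value_decode(oid_sck_t *asn1, size_t enc_len, subid_t **oid, size_t *len)
{
    *oid = NULL;
    *len = 0;
    /* The test the 0.9.2 fix describes: is the last content byte, at
       offset + enc_len - 1, inside the buffer? Compared against the bytes
       remaining so a huge enc_len cannot wrap the addition. */
    if (asn1->offset > asn1->len || enc_len > asn1->len - asn1->offset)
        return OID_ERR_TRUNCATED;
    if (enc_len == 0)
        return OID_ERR_EMPTY;
    /* At most enc_len + 1 sub-ids (the first octet yields two). Because enc_len
       is now bounded by the buffer, size cannot wrap to 0 or 2^31. */
    size_t size = enc_len + 1;
    subid_t *optr = calloc(size, sizeof *optr);
    if (optr == NULL)
        return OID_ERR_NOMEM;

    size_t eoc = asn1->offset + enc_len;   /* safe: bounded above */
    size_t n = 0;
    subid_t subid = 0;
    int first = 1, pending = 0;
    while (asn1->offset < eoc) {
        uint8_t byte = asn1->buf[asn1->offset++];
        if (subid > (UINT32_MAX >> 7)) {   /* next 7-bit shift would overflow */
            free(optr);
            return OID_ERR_OVERFLOW;
        }
        subid = (subid << 7) | (byte & 0x7f);
        pending = (byte & 0x80) != 0;      /* high bit set: more octets follow */
        if (pending)
            continue;
        if (first) {
            /* first sub-id encodes X*40 + Y with X in {0,1,2} */
            subid_t x = subid < 80 ? subid / 40 : 2;
            optr[n++] = x;
            optr[n++] = subid - x * 40;
            first = 0;
        } else {
            optr[n++] = subid;
        }
        subid = 0;
    }
    if (pending) {   /* buffer ended in the middle of a sub-id */
        free(optr);
        return OID_ERR_TRUNCATED;
    }
    *oid = optr;
    *len = n;
    return OID_OK;
}

/* Constructed sample: the BER content octets of 1.3.6.1.4.1.2021 */
static const uint8_t SAMPLE_OID[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x8F, 0x65 };

/* Decode SAMPLE_OID under a caller-supplied length claim; on success report
   the sub-id count and the last sub-id through the out-parameters. */
static int decode_sample(size_t claimed_len, size_t *count, subid_t *last)
{
    oid_sck_t sck = { SAMPLE_OID, sizeof SAMPLE_OID, 0 };
    subid_t *oid;
    size_t n;
    int rc = oid_value_decode(&sck, claimed_len, &oid, &n);
    if (rc == OID_OK) {
        *count = n;
        *last = oid[n - 1];
        free(oid);
    }
    return rc;
}

int demo_honest_length(void)   /* honest enc_len: 7 sub-ids decoded */
{
    size_t n; subid_t last;
    return decode_sample(sizeof SAMPLE_OID, &n, &last) == OID_OK ? (int)n : -1;
}

subid_t demo_last_subid(void)  /* the two-octet sub-id decodes to 2021 */
{
    size_t n; subid_t last = 0;
    decode_sample(sizeof SAMPLE_OID, &n, &last);
    return last;
}

int demo_bogus_length(void)    /* enc_len of 2^31-1 is rejected before calloc */
{
    size_t n; subid_t last;
    return decode_sample((size_t)2147483647, &n, &last);
}

int main(void)
{
    printf("honest: %d sub-ids, last %" PRIu32 "; bogus length -> status %d\n",
           demo_honest_length(), demo_last_subid(), demo_bogus_length());
    return 0;
}
```

The bounds test is written as `enc_len > len - offset` rather than `offset + enc_len > len` on purpose: with enc_len near the top of the integer range the second form wraps and passes, which is exactly how the quoted `size = enc_len + 1` ended up as 2147483648.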