Wireshark-bugs: [Wireshark-bugs] [Bug 4505] New: Wireshark crashes during IEEE 802.15.4 decrypti
Date: Thu, 18 Feb 2010 19:26:29 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4505

           Summary: Wireshark crashes during IEEE 802.15.4 decryption
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: osk@xxxxxxxxxx


Created an attachment (id=4304)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4304)
Fix to IEEE 802.15.4 dissector.

Build Information:
Version 1.3.3

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.5, with GLib 2.22.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8,
with c-ares 1.7.0, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt
1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jan 26
2010), with AirPcap, with new_packet_list.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.8.5,
Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Wireshark crashes when decrypting IEEE 802.15.4 packets with a zero-length
payload. The crash happens when calling add_new_data_source() with a
zero-length tvbuff. The attached patch works around the problem by calling
add_new_data_source() only when there is a payload to decrypt.

I would have anticipated the dissector to catch an exception if the dissector
had done something wrong, instead the entire program crashes.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.