Wireshark-bugs: [Wireshark-bugs] [Bug 4505] Wireshark crashes during IEEE 802.15.4 decryption
Date: Fri, 19 Feb 2010 10:47:21 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4505

--- Comment #4 from Owen Kirby <osk@xxxxxxxxxx> 2010-02-19 10:47:19 PST ---
(In reply to comment #2)
> It makes no sense to even try to decrypt a zero-length chunk of bytes - after
> all, the content of the chunk will be the same before and after decryption. :-)
> 
> dissect_ieee802154_decrypt() can return NULL for a number of reasons; it should
> probably take an argument that points to a status code and fill in that status
> code, and dissect_ieee802154_common() should probably do the right thing
> depending on that status code (use the status code to put the appropriate
> indication in as expert info,  don't even bother dissecting as data if there's
> nothing to dissect).

Well, I may have been abusing what a tvbuff can do, but my hope was that a NULL
return code would mean a security failure, and a tvbuff with zero payload would
mean success, although with no result. There are a couple of ways to architect
around the problem, and I was hoping to get away with as small a change as
possible.

It's also worth noting that the payload size shrinks during decryption, there
is a variable length authentication tag that gets removed during the process.
So it's not entirely true that there is nothing to decrypt, it just so happens
there could be nothing left after decryption, which is when this crash occurs.

I will try to reproduce the malformed packets on my end as well.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.