Wireshark-bugs: [Wireshark-bugs] [Bug 5277] New: Crash if using ssl.debug.file with no password
Date: Tue, 5 Oct 2010 09:48:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5277

           Summary: Crash if using ssl.debug.file with no password for
                    ssl.keys_list.
           Product: Wireshark
           Version: 1.4.0
          Platform: x86
        OS/Version: Solaris
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: james.templeton@xxxxxxxxxx


Build Information:
TShark 1.2.3

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.20.0, with libpcap 1.1.1, with libz 1.2.3, without POSIX
capabilities, with libpcre 8.0, without SMI, without c-ares, without ADNS, with
Lua 5.1, with GnuTLS 2.6.4, with Gcrypt 1.4.4, with MIT Kerberos, with GeoIP.

Running on SunOS 5.10, with libpcap version 1.1.1, GnuTLS 2.8.6, Gcrypt 1.4.6.

Built using Sun C 5.8

--
If you run tshark with the ssl.debug_file preference set to a file name or '-',
and with the ssl.key_list preference set with just 4 parameters -- that is, no
password -- tshark will cause a seg fault.

Looks like the code on line 3137 of packet-ssl-utils.c is at fault. It attempts
to print out the ssl parameters, including the password. Since there is no
password, it is using a null pointer, causing the seg fault. Suggest adding
logic to only print the password if the pointer is not null.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.