Wireshark-bugs: [Wireshark-bugs] [Bug 5095] new dissector for Apache Etch
Date: Mon, 11 Oct 2010 19:03:30 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5095

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeff.morriss.ws@xxxxxxxxx

--- Comment #13 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-10-11 19:03:20 PDT ---
It looks like stdio.h IS needed (on Linux at least).  I got a bunch of compiler
warnings/errors:

packet-etch.c: In function ‘add_symbols_of_file’:
packet-etch.c:257: error: ‘FILE’ undeclared (first use in this function)
packet-etch.c:257: error: (Each undeclared identifier is reported only once
packet-etch.c:257: error: for each function it appears in.)
packet-etch.c:257: error: ‘pFile’ undeclared (first use in this function)
cc1: warnings being treated as errors
packet-etch.c:258: error: implicit declaration of function ‘fopen’
packet-etch.c:262: error: implicit declaration of function ‘fgets’
packet-etch.c:277: error: implicit declaration of function ‘sscanf’
packet-etch.c:277: error: incompatible implicit declaration of built-in
function ‘sscanf’
packet-etch.c:289: error: implicit declaration of function ‘fclose’
packet-etch.c: In function ‘read_type’:
packet-etch.c:351: error: format not a string literal and no format arguments
packet-etch.c: In function ‘read_key_value’:
packet-etch.c:604: error: format not a string literal and no format arguments
packet-etch.c: In function ‘get_etch_message_len’:
packet-etch.c:704: error: unused parameter ‘pinfo’
packet-etch.c: In function ‘proto_register_etch’:
packet-etch.c:905: error: passing argument 5 of
‘prefs_register_string_preference’ from incompatible pointer type
../../epan/prefs.h:344: note: expected ‘const char **’ but argument is of type
‘char **’


I had to make these changes to get it to compile.  The variable initialization
is a false-positive "uninitialized variable" warning from gcc.

--- epan/dissectors/packet-etch.c    2010-10-11 21:53:32.322791574 -0400
+++ epan/dissectors/packet-etch.c.compiles    2010-10-11 21:53:15.901792363
-0400
@@ -46,6 +46,7 @@
 #include <epan/dissectors/packet-tcp.h>
 #include <epan/emem.h>
 #include <string.h>
+#include <stdio.h>

 /*
  * maximum numbers for symbols from config files
@@ -148,7 +149,7 @@
 static int               gbl_symbols_count = 0;
 static value_string*     gbl_symbols = NULL;
 static emem_strbuf_t*    gbl_symbol_buffer = NULL;
-static char*             gbl_keytab_folder = "";
+static const char*       gbl_keytab_folder = "";
 static guint             gbl_etch_port = 0;

 /***************************************************************************/
@@ -348,7 +349,7 @@
   guint32 type_code = tvb_get_guint8(tvb, *offset);
   const gchar* type_as_string = NULL;
   type_as_string = val_to_str(type_code, tc_lookup_table, "Etch TypeCode:
0x%02x");
-  proto_tree_add_text(etch_tree, tvb, *offset, 1, type_as_string);
+  proto_tree_add_text(etch_tree, tvb, *offset, 1, "%s", type_as_string);
   (*offset)++;
   return type_code;
 }
@@ -601,7 +602,7 @@

   /* Try to read the symbol of the Key */
   proto_item_append_text(parent_ti, " (");
-  proto_item_append_text(parent_ti, gbl_symbol_buffer->str);
+  proto_item_append_text(parent_ti, "%s", gbl_symbol_buffer->str);
   proto_item_append_text(parent_ti, ")");

   ti = proto_tree_add_item(new_tree_bck, hf_etch_valuename, tvb, *offset,
@@ -658,7 +659,7 @@
 static void dissect_etch_message(tvbuff_t * tvb, packet_info * pinfo,
                                  proto_tree * tree)
 {
-  emem_strbuf_t* colInfo;
+  emem_strbuf_t* colInfo = NULL;

   if (pinfo->cinfo || tree) {
     colInfo = get_column_info(tvb);    /* get current symbol */
@@ -701,7 +702,7 @@
 /*
  * determine PDU length of protocol etch 
  */
-static guint get_etch_message_len(packet_info * pinfo, tvbuff_t * tvb,
+static guint get_etch_message_len(packet_info * pinfo _U_, tvbuff_t * tvb,
                                   int offset)
 {
   /* length is at offset 4. we add magic bytes length + length size */


After doing that, it failed fuzz testing pretty quickly, though:
(gdb) bt
#0  0x00000036f6a47ff7 in vfprintf () from /lib64/libc.so.6
#1  0x00000036f6af8830 in __vsnprintf_chk () from /lib64/libc.so.6
#2  0x00007fc119c0adb8 in proto_item_append_text (pi=<value optimized out>,
format=0x7fc11ab5bf9f "%s") at proto.c:3715
#3  0x00007fc119dee483 in read_key_value (offset=0x7fc117bdb708, tvb=0x1c40d80,
etch_tree=<value optimized out>, add_type_field=<value optimized out>) at
packet-etch.c:605
#4  read_struct (offset=0x7fc117bdb708, tvb=0x1c40d80, etch_tree=<value
optimized out>, add_type_field=<value optimized out>) at packet-etch.c:575
#5  0x00007fc11a10ecde in tcp_dissect_pdus (tvb=0x1c40a40,
pinfo=0x7fffe45914e0, tree=0x1c40690, proto_desegment=1, fixed_len=8,
get_pdu_len=
    0x7fc119dedc10 <get_etch_message_len>, dissect_pdu=0x7fc119dee520
<dissect_etch_message>) at packet-tcp.c:2099
#6  0x00007fc119dedbc6 in dissect_etch (tvb=0x1c40a40, pinfo=0x7fffe45914e0,
tree=0x1c40690) at packet-etch.c:730
#7  0x00007fc119bfcfb4 in dissector_try_heuristic (sub_dissectors=<value
optimized out>, tvb=0x1c40a40, pinfo=0x7fffe45914e0, tree=0x1c40690) at
packet.c:1657

[..]

(gdb) up
#3  0x00007fc119dee483 in read_key_value (offset=0x7fc117bdb708, tvb=0x1c40d80,
etch_tree=<value optimized out>, add_type_field=<value optimized out>) at
packet-etch.c:605
605      proto_item_append_text(parent_ti, "%s", gbl_symbol_buffer->str);
(gdb) print gbl_symbol_buffer->str
$1 = (gchar *) 0xdeadbeefdeadbeef <Address 0xdeadbeefdeadbeef out of bounds>

(ep_allocated memory is reset to 0xdeadbeef after it is freed--at least during
fuzz testing.)

I didn't investigate further.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.