Wireshark-bugs: [Wireshark-bugs] [Bug 7436] Single packet capture takes 10 CPU-seconds to decode
Date: Thu, 5 Jul 2012 05:58:10 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436

--- Comment #3 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-07-05 05:58:09 PDT ---
Created attachment 8720
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8720
trim-lone-packet-obfuscated -- longer loop

Hi,

This packet was crafted or it's valid nfs packet?

In dissect_rpc_chanattrs4() there's nice loop:
for (i = 0; i < rdma_ird_len; i++)
  offset = dissect_rpc_uint32(tvb, tree, hf_nfs_rdmachanattrs4, offset);

rdma_ird_len is fetched from tvb (32-bit integer) without validation.
dissect_rpc_uint32() won't throw exception when tree is NULL.

I'm not sure about right fix for this bug, and I'll just attach sample with
bigger rdma_ird_len ;-) (old one: 0x6a617200, new one: 0xffffffff)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.