Wireshark-bugs: [Wireshark-bugs] [Bug 7436] Single packet capture takes 10 CPU-seconds to decode
Date: Thu, 5 Jul 2012 12:18:00 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeff.morriss.ws@xxxxxxxxx

--- Comment #6 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2012-07-05 12:17:59 PDT ---
(In reply to comment #3)
> Created attachment 8720 [details]
> trim-lone-packet-obfuscated -- longer loop
> 
> Hi,
> 
> Was this packet crafted, or is it a valid NFS packet?
> 
> In dissect_rpc_chanattrs4() there's a nice loop:
> for (i = 0; i < rdma_ird_len; i++)
>   offset = dissect_rpc_uint32(tvb, tree, hf_nfs_rdmachanattrs4, offset);
> 
> rdma_ird_len is fetched from tvb (32-bit integer) without validation.
> dissect_rpc_uint32() won't throw exception when tree is NULL.

And making the obvious fix to that function (taking out the if(tree)) just
means that the code then runs into bug 3290 (and the loop takes even longer!).
:-(  I really need to make the time to deal with that bug.
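
The missing validation pointed out in the quoted comment, as an added example that is not part of the original thread or of Wireshark's code: a count read from the packet is checked against the bytes remaining before the loop runs. `struct buf`, `read_u32` and `parse_counted_u32s` are hypothetical stand-ins, not Wireshark's tvbuff or dissector API, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a packet buffer; not Wireshark's tvbuff API. */
struct buf { const uint8_t *data; size_t len; };

/* Bounds-checked big-endian 32-bit read: 0 on success, -1 if out of range. */
static int read_u32(const struct buf *b, size_t off, uint32_t *out)
{
    if (off > b->len || b->len - off < 4)
        return -1;
    *out = ((uint32_t)b->data[off] << 24) | ((uint32_t)b->data[off + 1] << 16) |
           ((uint32_t)b->data[off + 2] << 8) | (uint32_t)b->data[off + 3];
    return 0;
}

/* Walks a count-prefixed array of 32-bit items starting at off. Returns the
 * offset just past the array, or -1 if the declared count cannot fit in the
 * bytes left. *iterations reports how many times the loop body ran. */
long parse_counted_u32s(const struct buf *b, size_t off, uint64_t *iterations)
{
    uint32_t count, item;
    *iterations = 0;
    if (read_u32(b, off, &count) != 0)
        return -1;
    off += 4;
    /* The check the quoted loop lacks: each item takes 4 bytes, so a count
     * above remaining/4 is malformed and is rejected before any looping. */
    if (count > (b->len - off) / 4)
        return -1;
    for (uint32_t i = 0; i < count; i++) {
        if (read_u32(b, off, &item) != 0)
            return -1;
        off += 4;
        (*iterations)++;
    }
    return (long)off;
}

/* Constructed samples: count 0xFFFFFFFF with one item; count 2 with two. */
const uint8_t sample_bad[] = { 0xff, 0xff, 0xff, 0xff, 0, 0, 0, 1 };
const uint8_t sample_ok[]  = { 0, 0, 0, 2, 0, 0, 0, 1, 0, 0, 0, 2 };

int main(void)
{
    struct buf bad = { sample_bad, sizeof sample_bad };
    uint64_t n;
    long end = parse_counted_u32s(&bad, 0, &n);
    printf("result=%ld iterations=%llu\n", end, (unsigned long long)n);
    return 0;
}
```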
