Wireshark-bugs: [Wireshark-bugs] [Bug 8380] dissect_dtls dissector crash
Date: Sat, 23 Feb 2013 14:57:53 +0000

changed bug 8380

What            Removed       Added
Status          UNCONFIRMED   CONFIRMED
CC                            eapache@gmail.com
Ever confirmed                1

Comment # 1 on bug 8380 from
There are a few weird things going on. The root cause seems to be DTLS grabbing
an enormous fragment offset from the packet and telling the reassembly machine
about it.

Then, in fragment_add_work, the initial check for data beyond the existing
packet doesn't succeed because the FD_PARTIAL_REASSEMBLY flag isn't set. This
leads it to falsely believe there is an overlap around line 785 (there isn't)
and do a memcmp call to invalid memory, leading to the crash.

In addition to this, there are also a large number of g_warnings about invalid
reassembly, out-of-bounds values, etc.
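
Added example, not part of the original comment and not Wireshark's code: a bounds check on the DTLS handshake fragment fields before they reach reassembly, followed by an overlap comparison clamped to the bytes that exist. All function and variable names are hypothetical, and the already-reassembled data is assumed to be a contiguous prefix starting at offset 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; this is not Wireshark's reassembly API. */
enum frag_verdict { FRAG_REJECT, FRAG_NEW, FRAG_OVERLAP_SAME, FRAG_OVERLAP_DIFF };

/* Read a 24-bit big-endian field, as used in the DTLS handshake header. */
static uint32_t be24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* hs/hs_len: one captured handshake fragment (12-byte header plus body).
 * have/have_len: assumed contiguous prefix already reassembled from offset 0. */
enum frag_verdict check_dtls_fragment(const uint8_t *hs, size_t hs_len,
                                      const uint8_t *have, size_t have_len) {
    if (hs_len < 12)
        return FRAG_REJECT;              /* truncated header */
    uint32_t msg_len  = be24(hs + 1);    /* total handshake message length */
    uint32_t frag_off = be24(hs + 6);    /* fragment_offset from the wire */
    uint32_t frag_len = be24(hs + 9);    /* fragment_length from the wire */

    /* Both fields are 24-bit, so this uint32_t sum cannot wrap. */
    if (frag_off + frag_len > msg_len)
        return FRAG_REJECT;              /* fragment lies outside the message */
    if (frag_len > hs_len - 12)
        return FRAG_REJECT;              /* claims more bytes than were captured */
    if (frag_off >= have_len)
        return FRAG_NEW;                 /* starts past existing data: no overlap */

    /* Compare only the bytes that really lie inside the existing buffer. */
    size_t cmp = have_len - frag_off;
    if (cmp > frag_len)
        cmp = frag_len;
    return memcmp(have + frag_off, hs + 12, cmp) == 0 ? FRAG_OVERLAP_SAME
                                                      : FRAG_OVERLAP_DIFF;
}

/* Constructed samples: msg_type 1, length 16, message_seq 0, 4-byte body. */
const uint8_t have8[8] = {'A','B','C','D','E','F','G','H'};
const uint8_t frag_huge[16] = {1, 0,0,16, 0,0, 0xFF,0xFF,0xF0, 0,0,4, 'x','x','x','x'};
const uint8_t frag_next[16] = {1, 0,0,16, 0,0, 0,0,8, 0,0,4, 'I','J','K','L'};
const uint8_t frag_same[16] = {1, 0,0,16, 0,0, 0,0,6, 0,0,4, 'G','H','I','J'};
const uint8_t frag_diff[16] = {1, 0,0,16, 0,0, 0,0,6, 0,0,4, 'G','X','I','J'};

int main(void) {
    /* The oversized offset must be rejected before any comparison happens. */
    return check_dtls_fragment(frag_huge, sizeof frag_huge, have8, sizeof have8) != FRAG_REJECT;
}
```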

