Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8735] USB CCID dissector "runs off the rails" when trying to dissect non-exist

Wireshark-bugs: [Wireshark-bugs] [Bug 8735] USB CCID dissector "runs off the rails" when trying

Date: Thu, 30 May 2013 18:21:43 +0000

What	Removed	Added
Attachment #10866 Flags	review_for_checkin?	review_for_checkin-

Comment # 2 on bug 8735 from Michael Mann

Comment on attachment 10866 [details]
A patch that checks to see if usbccid.dwLength == 0, before trying to dissect
non-existent RDR_to_PC_DataBlock payloads

Filtering on "malformed", I find 7 packets (72, 250, 512, 1878, 2864, 3196, and
3520).  Applying the patch doesn't fix any of them (in fact it doesn't appear
to even execute the code on those frames.

Also, there seems to be some discrepancy with the size of hf_ccid_dwLength. 
It's a FT_UINT8, but all length parameters in its proto_tree_add_item are 4.

I also think "next_tvb" could be checked in such a way to show there are no
bytes in it (although the length check may be faster and need to be done before
the next_tvb is setup).  This should probably be done for all instances of
where hf_ccid_dwLength is used to call a subdissector.

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 8735] New: USB CCID dissector "runs off the rails" when trying to dissect non-existent RDR_to_PC_DataBlock payloads
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 8707] Preferences with trailing commas are ignored
Next by Date: [Wireshark-bugs] [Bug 8735] USB CCID dissector "runs off the rails" when trying to dissect non-existent RDR_to_PC_DataBlock payloads
Previous by thread: [Wireshark-bugs] [Bug 8735] USB CCID dissector "runs off the rails" when trying to dissect non-existent RDR_to_PC_DataBlock payloads
Next by thread: [Wireshark-bugs] [Bug 8735] USB CCID dissector "runs off the rails" when trying to dissect non-existent RDR_to_PC_DataBlock payloads
Index(es):
- Date
- Thread