Wireshark-bugs: [Wireshark-bugs] [Bug 9098] New: fix NTLMSSP Target Info Attribute dissection
Date: Tue, 03 Sep 2013 23:14:32 +0000
Bug ID 9098
Summary fix NTLMSSP Target Info Attribute dissection
Classification Unclassified
Product Wireshark
Version SVN
Hardware x86
OS Mac OS X 10.7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter doj@cubic.org

Created attachment 11499 [details]
fix NTLMSSP Target Info Attribute dissection

Build Information:

--
This is an additional bug fix on top of Bug 8640. The NTLMSSP Target Info
Attributes can have a 0 content length. But the current code will still try to
dissect a timestamp and can throw an out of bounds exception. The attached fix
will only attempt to dissect the attribute if the content length is > 0.
I've also added an expert info warning if the Target Info Attribute is of on
unknown type and thus have passed the pinfo pointer into a couple of function
parameter lists.

See the attached capture file for a DCE/RPC BindAck with an NTLMSSP blob
showing the problem. This fix should also be applied to the 1.10 release of
Wireshark where changes for Bug 8640 were made.


You are receiving this mail because:
  • You are watching all bug changes.