Wireshark-bugs: [Wireshark-bugs] [Bug 9849] New: telephony->sctp->Analyse this association crash
Date: Fri, 07 Mar 2014 15:59:03 +0000
Bug ID 9849
Summary telephony->sctp->Analyse this association crashes Wireshark on manufactured SCTP packet
Classification Unclassified
Product Wireshark
Version 1.11.x (Experimental)
Hardware x86
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter anders.broman@ericsson.com

Created attachment 12610
Single packet causing the crash

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
When creating a pcap file from a log file using text2pcap, some misformed
packets were created; those may crash Wireshark. Including a single packet
that will cause the crash. The cause is that
struct _sctp_info {
  gboolean incomplete;
  gboolean adler32_calculated;
  gboolean adler32_correct;
  gboolean crc32c_calculated;
  gboolean crc32c_correct;
  gboolean checksum_zero;
  gboolean vtag_reflected;
  guint16 sport;
  guint16 dport;
  address ip_src;
  address ip_dst;
  guint32 verification_tag;
  guint16 assoc_index;
  guint16 direction;
  guint32 number_of_tvbs;                          <--- = 0
  tvbuff_t *tvb[MAXIMUM_NUMBER_OF_TVBS];
};

This will cause a crash in tap-sctp-analysis.c at 
line 393     if (tvb_get_guint8(sctp_info->tvb[0],0) == SCTP_INIT_CHUNK_ID)

I'm not sure if a protection should be inserted in packet-sctp.c at
  dissect_sctp_packet(tvb, pinfo, tree, FALSE);
  if (!pinfo->flags.in_error_pkt)
    tap_queue_packet(sctp_tap, pinfo, &sctp_info);
checking for number_of_tvbs, or if something else should be done.
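
Added example, not part of the original report and not Wireshark source code: a self-contained C model of the tap-side guard the report points toward, where the consumer refuses to read tvb[0] unless number_of_tvbs says at least one buffer was stored. The model_* types and functions and the MAXIMUM_NUMBER_OF_TVBS value are assumptions made for the illustration; the same number_of_tvbs test could equally be applied on the producer side before tap_queue_packet().

```c
#include <stddef.h>
#include <stdint.h>

#define MAXIMUM_NUMBER_OF_TVBS 4  /* assumed value, for this model only */
#define SCTP_INIT_CHUNK_ID     1  /* INIT chunk type (RFC 4960) */

/* Hypothetical stand-in for tvbuff_t: a length-bounded byte buffer. */
typedef struct { const uint8_t *data; size_t len; } model_tvb;

/* Only the two _sctp_info fields involved in the crash. */
typedef struct {
    uint32_t number_of_tvbs;
    const model_tvb *tvb[MAXIMUM_NUMBER_OF_TVBS];
} model_sctp_info;

enum tap_result { TAP_SKIPPED = 0, TAP_INIT = 1, TAP_OTHER = 2 };

/* Tap consumer: validate the count and the slot before reading the first
 * byte. The unguarded form goes straight to tvb[0] and reads an unset
 * pointer when the dissector stored no chunks. */
enum tap_result model_tap_packet(const model_sctp_info *info)
{
    if (info == NULL || info->number_of_tvbs == 0 ||
        info->number_of_tvbs > MAXIMUM_NUMBER_OF_TVBS)
        return TAP_SKIPPED;            /* nothing valid was stored */

    const model_tvb *first = info->tvb[0];
    if (first == NULL || first->data == NULL || first->len == 0)
        return TAP_SKIPPED;            /* slot unset or empty buffer */

    return first->data[0] == SCTP_INIT_CHUNK_ID ? TAP_INIT : TAP_OTHER;
}

/* Builds an info record from constructed sample bytes. `count` is set
 * independently of the data so the mismatch in the report (a count of 0,
 * or a count with no buffer behind it) can be reproduced. */
enum tap_result model_tap_bytes(const uint8_t *bytes, size_t len,
                                uint32_t count)
{
    model_tvb buf = { bytes, len };
    model_sctp_info info = { count, { bytes ? &buf : NULL } };
    return model_tap_packet(&info);
}
```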

