Wireshark-bugs: [Wireshark-bugs] [Bug 11443] New: tshark crash when specifying ssl.keys_list on
Date: Thu, 13 Aug 2015 15:41:59 +0000
Bug ID 11443
Summary tshark crash when specifying ssl.keys_list on cli
Product Wireshark
Version 1.12.7
Hardware x86
OS Mac OS X 10.9
Status UNCONFIRMED
Severity Major
Priority Low
Component TShark
Assignee bugzilla-admin@wireshark.org
Reporter tom@qacafe.com

Build Information:
TShark 1.12.7 (v1.12.7-0-g7fc8978 from master-1.12)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.36.0, with libpcap, with libz 1.2.3, without POSIX
capabilities, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.2,
without Python, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with
GeoIP.

Running on Mac OS X 10.9.5, build 13F34 (Darwin 13.4.0), with locale
en_US.UTF-8, with libpcap version 1.3.0 - Apple version 41, with libz 1.2.5.
      Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).
--
When using tshark, if the ssl_keys preference is specified on the command line,
tshark gives the following error:

% tshark -r rsasnakeoil2.cap -o "ssl.keys_list:
127.0.0.1,443,http,/Users/tom/Documents/pcaps/ssl/rsasnakeoil2/rsasnakeoil2.key"
tshark-bin(22347,0x7fff7e195310) malloc: *** error for object 0x10a001478:
pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
[1]    22347 abort      tshark -r rsasnakeoil2.cap -o

If instead the ssl.keys_list is defined in the .wireshark directory then tshark
does display the decrypted traffic. This is the contents of the ssl_keys file
that does decrypt the traffic in this capture:

% cat ~/.wireshark/ssl_keys
# This file is automatically generated, DO NOT MODIFY.
"127.0.0.1","443","http","/Users/tom/Documents/pcaps/ssl/rsasnakeoil2/rsasnakeoil2.key",""

Please let me know if there is any additional information that can be provided
or anything I can do to help troubleshoot this. I used the rsasnakeoil2 example
for this test, which I downloaded at the following location, but this does not
seem limited to just this capture:

https://wiki.wireshark.org/SampleCaptures?action=

