Wireshark-bugs: [Wireshark-bugs] [Bug 11790] Wireshark stack-based buffer overflow in AirPDcapPa
      
      
    
Peter Wu changed bug 11790

| What | Removed | Added |
| --- | --- | --- |
| Priority | Low | High |
| Status | UNCONFIRMED | CONFIRMED |
| Ever confirmed |  | 1 |

Comment # 4 on bug 11790 from Peter Wu

Can confirm that this is a real issue. Affects at least Wireshark master and
2.0.0. 1.12.8 somehow did not crash on the capture.
Workaround: disable 802.11 decryption:
 tshark -r 1.pcap -o wlan.enable_decryption:0
--
ASAN backtrace for v2.0.0-69-g6793a03 is slightly different, possibly because
master has v2.1.0rc0-460-gcb3dd95:
==23836==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffff1ed0 at pc 0x555555698f45 bp 0x7ffffffefaf0 sp 0x7ffffffef2a0
WRITE of size 43264 at 0x7fffffff1ed0 thread T0
    #0 0x555555698f44 in __asan_memcpy (/tmp/wireshark-1.12/build-2.0/run/tshark+0x144f44)
    #1 0x7fffea9dbb5e in AirPDcapPacketProcess epan/crypt/airpdcap.c:708:13
    #2 0x7fffebace4a0 in try_decrypt epan/dissectors/packet-ieee80211.c:18744:7
    #3 0x7fffebac6e52 in dissect_ieee80211_common epan/dissectors/packet-ieee80211.c:17857:16
    #4 0x7fffeba94fe5 in dissect_ieee80211 epan/dissectors/packet-ieee80211.c:18358:10
As far as I can see, the bug reaches far back. Maybe there is a way to trigger
the issue in other versions, but I did not check.
         
      
      