Wireshark-dev: [Wireshark-dev] Segfault when running older Wireshark with capture from CVE-2013
From: Martin Sehnoutka <msehnout@xxxxxxxxxx>
Date: Fri, 11 Nov 2016 10:33:43 +0100
Hi,

I'm running Wireshark 1.8 and it sometimes segfaults when I'm repeatedly
executing tshark with capture from this bug:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664 (CVE-2013-4075).

It seems that the function 'csnStreamDissector' sometimes fails and in
turn causes the segfault.
I can bypass it with this patch:
https://github.com/msehnout/wireshark/commit/103b383db500c6fb00e77b342241ff7475185676

Shouldn't we check the return value of that function?

The newest version is not affected; it seems to add one extra line, but
the return value is still not handled:
https://github.com/msehnout/wireshark/blob/master/epan/dissectors/packet-gmr1_bcch.c#L1091

Thanks for any advice.
Martin

-- 
Martin Sehnoutka | Associate Software Engineer
PGP: 5FD64AF5
UTC+1 (CET)
RED HAT | TRIED. TESTED. TRUSTED.