Wireshark-bugs: [Wireshark-bugs] [Bug 6817] New: TShark 1.6.5 immediately crashes on SSL decrypt
Date: Thu, 9 Feb 2012 05:53:13 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6817

           Summary: TShark 1.6.5 immediately crashes on SSL decryption
                    (every time)
           Product: Wireshark
           Version: 1.6.5
          Platform: x86
        OS/Version: Windows 7
            Status: NEW
          Severity: Critical
          Priority: Low
         Component: TShark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: israeln@xxxxxxxxxxxx


Created attachment 7804
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7804
encrypted traffic

Build Information:
TShark 1.6.5 (SVN Rev 40429 from /trunk-1.6)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GLib 2.26.1, with WinPcap (version unknown), with libz
1.2.5, without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares
1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3, with Gcrypt 1.4.6,
with
MIT Kerberos, with GeoIP.

Running on 32-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008).

Built using Microsoft Visual C++ 9.0 build 21022
--
Current version of TShark crashes when passing it the ssl.keys_list parameter
and the key file is successfully found.
In tshark 1.6.2 and older I could use the following to decrypt the traffic in
the attached file:

"c:\Program Files\Wireshark\tshark.exe" -r input.pcap -o
"ssl.keys_list:172.30.2.31,443,http,private.key"  -R "http" -T pdml

as long as private.key and input.pcap were in the folder from which I was
executing tshark.
With 1.6.5, tshark immediately crashes. If I change the key file name to a file
that does not exist, tshark doesn't crash (but obviously, doesn't decrypt the
traffic). Wireshark, on the other hand, works well - that is setting the
decryption parameters from the UI works.

Attached is a sample pcap file and the key file required to decrypt it using
the parameters above.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.