Ethereal-dev: Re: [ethereal-dev] SIGSEGV in strlen() -> packet-smb.c:9023

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Florian Lohoff <flo@xxxxxxxxxx>
Date: Thu, 25 Nov 1999 15:46:01 +0100
On Thu, Nov 25, 1999 at 03:12:54PM +0100, Florian Lohoff wrote:
> 
> I can reproduce this easily - Our LAN seems to be full
> of these frames :)

This is the segfaulting section ...

------------------------------------------------------------------

dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, const char *TransactName)
{
  char             *TransactNameCopy;
  char             *trans_type = NULL, *trans_cmd, *loc_of_slash;
  int              index;
  guint8           Pad2;
  const gchar      *Data;


---> *TransactName is 0x0


  TransactNameCopy = g_malloc(strlen(TransactName) + 1);

  /* Should check for error here ... */

  strcpy(TransactNameCopy, TransactName);
  if (TransactNameCopy[0] == '\\')
    trans_type = TransactNameCopy + 1;  /* Skip the slash */
  loc_of_slash = strchr(trans_type, '\\');

---> trans_type = 0x0 -> Segfault ...

  if (loc_of_slash) {
    index = loc_of_slash - trans_type;  /* Make it a real index */
    trans_cmd = trans_type + index + 1;
    trans_type[index] = '\0';
  }
  else
    trans_cmd = NULL;

------------------------------------------------------------------

trans_type gets used uninitialized ...

I fixed the segfault with this ...

--- ethereal-0.7.8/packet-smb.c	Tue Nov 23 03:45:49 1999
+++ ethereal-0.7.8.flo/packet-smb.c	Thu Nov 25 15:41:38 1999
@@ -9025,8 +9025,9 @@
   /* Should check for error here ... */
 
   strcpy(TransactNameCopy, TransactName);
+  trans_type=TransactNameCopy;
   if (TransactNameCopy[0] == '\\')
-    trans_type = TransactNameCopy + 1;  /* Skip the slash */
+    trans_type++;  /* Skip the slash */
   loc_of_slash = strchr(trans_type, '\\');
   if (loc_of_slash) {
     index = loc_of_slash - trans_type;  /* Make it a real index */
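Review bot: the added `trans_type=TransactNameCopy;` removes the uninitialized-pointer crash at `strchr(trans_type, '\\')` (trans_type was left NULL whenever the name had no leading backslash), but the other crash noted above, `strlen(TransactName)` with TransactName at 0x0, is still reached before `strcpy(TransactNameCopy, TransactName);` two lines earlier in this hunk; the function should return before the g_malloc/strcpy when TransactName is NULL, and the `/* Should check for error here ... */` comment still has no g_malloc result check behind it. Note also that with this change a name without a leading backslash is now parsed as a type/command pair instead of being skipped, which looks like the intended reading but deserves a comment where `trans_type++` is done.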

But this is only a workaround, I suppose ...

Now I get the following output

(flo@ping)/tmp/ethereal-0.7.8# sudo ddd ethereal
lmh 29 spacing 0 0 0
lmh 29 spacing 0 0 0
lmh 29 spacing 0 0 0
lmh 29 spacing 0 0 0
lmh 29 spacing 0 0 0
lmh 29 spacing 0 0 0

Flo
-- 
Florian Lohoff		flo@xxxxxxxxxx		      	+49-5241-470566
  ...  The failure can be random; however, when it does occur, it is
  catastrophic and is repeatable  ...             Cisco Field Notice
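The crash discussed in this thread comes from two pointer defects in one short piece of parsing code: strlen() on a NULL TransactName and strchr() on a trans_type that was never initialized. The following is an added example, not Ethereal's packet-smb.c and not Florian's patch, showing how the same "\type\command" split can be written so that a NULL name, a name without a leading backslash and a name without a second backslash are all handled without touching a NULL or uninitialized pointer. The names "\MAILSLOT\BROWSE" and "\PIPE\LANMAN" used as input are constructed sample values; the struct and function names are this example's own.

```c
/* Added example (not Ethereal's code): a defensive version of the
 * transaction-name split that segfaulted in dissect_transact_params().
 * The dissector wants to turn "\MAILSLOT\BROWSE" into a type
 * ("MAILSLOT") and a command ("BROWSE"). Three inputs broke the
 * original: a NULL name, a name with no leading '\' (trans_type left
 * uninitialized) and a name with no second '\' (no command). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct transact_name {
    char *copy;        /* owned buffer; type and cmd point into it */
    const char *type;  /* e.g. "MAILSLOT"; never NULL after success */
    const char *cmd;   /* e.g. "BROWSE"; NULL when no second '\' */
};

/* Returns 0 on success, -1 on NULL input or allocation failure.
 * On success the caller releases the result with transact_name_free(). */
int transact_name_split(const char *name, struct transact_name *out)
{
    char *type, *slash;

    out->copy = NULL;
    out->type = NULL;
    out->cmd = NULL;
    if (name == NULL)                  /* the strlen(NULL) case from the report */
        return -1;
    out->copy = malloc(strlen(name) + 1);
    if (out->copy == NULL)             /* the "Should check for error here" case */
        return -1;
    strcpy(out->copy, name);

    type = out->copy;                  /* always initialized before use ... */
    if (*type == '\\')
        type++;                        /* ... then skip the leading slash */
    slash = strchr(type, '\\');        /* safe: type is never NULL here */
    if (slash != NULL) {
        *slash = '\0';                 /* terminate the type in place */
        out->cmd = slash + 1;          /* command is whatever follows */
    }
    out->type = type;
    return 0;
}

void transact_name_free(struct transact_name *t)
{
    free(t->copy);
    t->copy = NULL;
    t->type = NULL;
    t->cmd = NULL;
}

/* Small checkers so the parse result can be asserted on directly.
 * Both return 0 (not 1) when the name is rejected. */
int transact_type_is(const char *name, const char *expect)
{
    struct transact_name t;
    int ok;
    if (transact_name_split(name, &t) != 0)
        return 0;
    ok = strcmp(t.type, expect) == 0;
    transact_name_free(&t);
    return ok;
}

int transact_cmd_is(const char *name, const char *expect)
{
    struct transact_name t;
    int ok;
    if (transact_name_split(name, &t) != 0)
        return 0;
    if (t.cmd == NULL || expect == NULL)
        ok = (t.cmd == expect);        /* both absent, or exactly one absent */
    else
        ok = strcmp(t.cmd, expect) == 0;
    transact_name_free(&t);
    return ok;
}

int main(void)
{
    /* constructed sample names, including the three inputs that crashed */
    const char *samples[] = { "\\MAILSLOT\\BROWSE", "\\PIPE\\LANMAN",
                              "PIPE", "", NULL };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct transact_name t;
        if (transact_name_split(samples[i], &t) != 0) {
            printf("%s -> rejected\n", samples[i] ? samples[i] : "(null)");
            continue;
        }
        printf("%s -> type=\"%s\" cmd=%s\n", samples[i], t.type,
               t.cmd ? t.cmd : "(none)");
        transact_name_free(&t);
    }
    return 0;
}
```

The point of the shape here is that every pointer the code dereferences is assigned on every path before use, and the one input the dissector cannot parse (a NULL name) is rejected before any string function sees it, which is the check that the workaround patch in this thread still lacks.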