Ethereal-dev: [ethereal-dev] [PATCH] sigsegv in packet-nfs.c:1214 (proto_item_set_text)
Hi,
I got a capture with nfs stuff in it where ethereal sigsegv.
I traced it down to packet-nfs.c:1214 using proto_item_set_text
with a 0x0 entry_item which the function tries to dereference - BOOM!
This is packet-nfs.c:(dissect_readdir_entry)
If tree is NULL there is no way for entry_item to be NOT NULL
1206    if (tree) {
1207            entry_item = proto_tree_add_item(tree, hf_nfs_readdir_entry, NullTVB,
1208                            offset+0, END_OF_FRAME, FALSE);
1209            if (entry_item)
1210                    entry_tree = proto_item_add_subtree(entry_item, ett_nfs_readdir_entry);
1211    }
1212
1213    if (!BYTES_ARE_IN_FRAME(offset, 4)) {
1214            proto_item_set_text(entry_item, "Entry: <TRUNCATED>");
1215            return offset;
1216    }
This patch solved it for me, although I don't know if this is any kind of
correct - but ethereal didn't crash anymore :)
diff -u -r1.36 packet-nfs.c
--- packet-nfs.c 2000/08/15 21:27:46 1.36
+++ packet-nfs.c 2000/08/26 12:20:06
@@ -1210,7 +1210,7 @@
entry_tree = proto_item_add_subtree(entry_item, ett_nfs_readdir_entry);
}
- if (!BYTES_ARE_IN_FRAME(offset, 4)) {
+ if (entry_item && !BYTES_ARE_IN_FRAME(offset, 4)) {
proto_item_set_text(entry_item, "Entry: <TRUNCATED>");
return offset;
}
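Review bot: putting `entry_item &&` into the condition itself means that when entry_item is NULL and the entry is truncated, the `return offset;` is skipped along with the proto_item_set_text() call, so execution continues past the truncation check even though fewer than 4 bytes remain in the frame. Keep the condition as `if (!BYTES_ARE_IN_FRAME(offset, 4))` and guard only the text update inside the block, e.g. `if (entry_item) proto_item_set_text(entry_item, "Entry: <TRUNCATED>");`, leaving `return offset;` unconditional.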
Flo
--
Florian Lohoff flo@xxxxxxxxxx +49-5201-669912
"Write only memory - Oops. Time for my medication again ..."