Ethereal-dev: [Ethereal-dev] crashing iSCSI dissector, fix for bug in packet-tcp

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <rsahlber@xxxxxxxxxxxxxx>
Date: Wed, 31 Oct 2001 07:32:02 +1100
Hi list,

Attached is a small fix for packet-tcp that solves the problems with
iSCSI (and probably others using tcp desegmentation) crashing when
toggling desegmentation on/off.

The bug was due to tcp desegmentation sometimes using the same
tsk->src, tsk->dst structures for multiple packets.

The second (or third) time we would try to g_free the same tsk->src and
tsk->src->data structures, something else might already have reused and
overwritten (got it from g_malloc()?) the memory area used by tsk->src,
and if that someone else has overwritten the bytes where the tsk->src->data
pointer was stored, we tried to free a wild pointer, which caused ethereal to
go down in flames.

tcp was changed to use a mem_chunk for tsk->src, tsk->dst structures instead,
so this bug should not occur again.

best regards
  ronnie s

Attachment: tcp-fix.diff.gz
Description: GNU Zip compressed data
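
The failure mode and the fix described in this message, modelled as an added example (not Ethereal's code and not the attached patch): three keys share the same src/dst structures, so a per-key teardown would repeat frees, while a pool-owned teardown releases each structure once. The struct layouts, the `visited` flag and the plain-C pool standing in for a GLib mem_chunk are assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for tsk->src / tsk->dst; 'visited' is demo bookkeeping only. */
typedef struct { size_t len; unsigned char *data; int visited; } addr_t;
typedef struct { addr_t *src, *dst; } seg_key_t;

/* Plain-C pool standing in for a GLib mem_chunk: it owns every addr_t it hands out. */
#define POOL_MAX 16
typedef struct { addr_t slots[POOL_MAX]; int used; } addr_pool_t;

static addr_t *pool_new_addr(addr_pool_t *p, const unsigned char *bytes, size_t len) {
    unsigned char *copy = (p->used < POOL_MAX) ? malloc(len) : NULL;
    if (!copy) return NULL;
    memcpy(copy, bytes, len);
    p->slots[p->used] = (addr_t){ len, copy, 0 };
    return &p->slots[p->used++];
}

/* Teardown walks the pool, not the keys, so each data buffer is freed exactly once. */
static int pool_reset(addr_pool_t *p) {
    int freed = 0;
    for (; p->used > 0; freed++) free(p->slots[--p->used].data);
    return freed;
}

/* Counts (without freeing) how many releases a per-key teardown would repeat. */
static int count_repeat_frees(const seg_key_t *keys, int nkeys) {
    int repeats = 0;
    for (int i = 0; i < nkeys; i++) {
        addr_t *pair[2] = { keys[i].src, keys[i].dst };
        for (int j = 0; j < 2; j++) {
            repeats += pair[j]->visited;   /* already released by an earlier key */
            pair[j]->visited = 1;
        }
    }
    return repeats;
}

/* Constructed scenario: three segments of one flow share the same src/dst structures. */
int demo(int *pool_frees) {
    static const unsigned char a[4] = {10, 0, 0, 1}, b[4] = {10, 0, 0, 2};
    addr_pool_t pool = { .used = 0 };
    addr_t *src = pool_new_addr(&pool, a, 4), *dst = pool_new_addr(&pool, b, 4);
    if (!src || !dst) { pool_reset(&pool); return -1; }
    seg_key_t keys[3] = { {src, dst}, {src, dst}, {src, dst} };
    int repeats = count_repeat_frees(keys, 3);
    *pool_frees = pool_reset(&pool);
    return repeats;
}
```

Building a per-key `free()` variant of this under AddressSanitizer reports the repeated release at the second key, which is the quickest way to confirm this class of bug in a real teardown path.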