Wireshark-bugs: [Wireshark-bugs] [Bug 1034] New: Segfault when dissecting iSCSI traffic
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1034
Summary: Segfault when dissecting iSCSI traffic
Product: Wireshark
Version: 0.99.2
Platform: PC
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381860
OS/Version: Linux
Status: NEW
Severity: Blocker
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: fpeters@xxxxxxxxxx
Forwarded from Debian BTS,
Reading a tcpdump-produced traffic dump of iSCSI traffic causes
wireshark to segfault. A debug build gives a readable backtrace, and the
three topmost trace lines are enough to identify what went wrong:
Core was generated by `wireshark iscsi-plain-ext2.dump'.
Program terminated with signal 11, Segmentation fault.
#0 0xb75cc158 in dissect_scsi_payload (tvb=0x8770480, pinfo=0x8722950,
    tree=0x8724de8, isreq=1, itlq=0xb479da90, itl=0x0) at packet-scsi.c:7832
7832    devtype = cdata->itl->cmdset&SCSI_CMDSET_MASK;
(gdb) up
#1 0xb7384521 in dissect_iscsi_pdu (tvb=0x8770618, pinfo=0x8722950,
    tree=0x8724de8, offset=52, opcode=5 '\005',
    opcode_str=0xb7995df7 "SCSI Data Out", data_segment_len=8192,
    iscsi_session=0xb479d970) at packet-iscsi.c:1564
1564    dissect_scsi_payload (data_tvb, pinfo, tree,
(gdb) up
#2 0xb7385d69 in dissect_iscsi (tvb=0x8770618, pinfo=0x8722950,
    tree=0x8724de8, check_port=0) at packet-iscsi.c:2284
2284    dissect_iscsi_pdu(tvb, pinfo, tree, offset, opcode,
            opcode_str, data_segment_len, iscsi_session);
The problem is right here:
#0 0xb75cc158 in dissect_scsi_payload (tvb=0x8770480, pinfo=0x8722950,
    tree=0x8724de8, isreq=1, itlq=0xb479da90, itl=0x0) at packet-scsi.c:7832
                                              ^^^^^^^
7832    devtype = cdata->itl->cmdset&SCSI_CMDSET_MASK;
                         ^^^
And these are certainly the same thing:
(gdb) p *cdata
$6 = {type = 1, itlq = 0xb479da90, itl = 0x0}
No wonder it breaks.
I have attached the dump file in question. This should be reproducible
anywhere. It also seems the bug is unknown at upstream as well; at least
there is no report for it yet.
System information:
% uname -a
Linux plop 2.6.16.20 #3 PREEMPT Mon Jul 3 08:22:50 EEST 2006 i686 GNU/Linux
% dpkg -s libc6 | grep ^Version
Version: 2.3.6-18
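The failure mode this report describes, as an added example that is not part of the original report and not Wireshark's own code: a simplified C model of the guard that is missing at the line the backtrace points to. The struct layouts, the mask value, the `DEVTYPE_UNKNOWN` sentinel and the two function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the structures named in the backtrace.
 * Field layouts and constant values are assumptions for this model. */
#define SCSI_CMDSET_MASK 0x7f   /* assumed value */
#define DEVTYPE_UNKNOWN  0xff   /* hypothetical sentinel */

typedef struct { unsigned char cmdset; } itl_nexus_t;
typedef struct { unsigned int lun; } itlq_nexus_t;
typedef struct {
    int           type;
    itlq_nexus_t *itlq;
    itl_nexus_t  *itl;          /* 0x0 in the crashing capture */
} scsi_task_data_t;

/* The expression from packet-scsi.c:7832, guarded: itl is dereferenced
 * only when the caller supplied one; otherwise the type is unknown. */
static int payload_devtype(const scsi_task_data_t *cdata)
{
    if (cdata == NULL || cdata->itl == NULL)
        return DEVTYPE_UNKNOWN;
    return cdata->itl->cmdset & SCSI_CMDSET_MASK;
}

/* Models the caller: a Data-Out payload handed over with or without
 * an itl pointer, as in frame #0 of the backtrace (itl=0x0). */
static int dissect_payload_model(itlq_nexus_t *itlq, itl_nexus_t *itl)
{
    scsi_task_data_t cdata = { 1, itlq, itl };
    int devtype = payload_devtype(&cdata);

    if (devtype == DEVTYPE_UNKNOWN)
        return -1;              /* fall back to showing raw data */
    return devtype;
}

int main(void)
{
    itlq_nexus_t q = { 0 };
    itl_nexus_t known = { 0x85 };   /* constructed sample value */

    printf("itl present: %d\n", dissect_payload_model(&q, &known));
    printf("itl NULL:    %d\n", dissect_payload_model(&q, NULL));
    return 0;
}
```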