Wireshark-bugs: [Wireshark-bugs] [Bug 1944] New: rtsp dissector segfaults if handed incomplete d
Date: Fri, 26 Oct 2007 16:48:00 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1944

           Summary: rtsp dissector segfaults if handed incomplete data
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: acferen@xxxxxxxxx


Build Information:
wireshark 0.99.7 (SVN Rev 23276)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.11, with GLib 2.12.11, with libpcap 0.9.8, with libz
1.2.3, with libpcre 6.7, without SMI, with ADNS, without Lua, with GnuTLS
1.4.4,
with Gcrypt 1.2.3, without Kerberos, with PortAudio <= V18, without AirPcap.

Running on Linux 2.6.20-16-generic, with libpcap version 0.9.8.

Built using gcc 4.1.2 (Ubuntu 4.1.2-0ubuntu4).

--
SVN Rev 23268 introduces changes that cause Wireshark to segfault.

Problem triggered for me inside an sFlow dissector where most of the actual
rtsp data was missing from the sample.

details:
packet-rtsp.c passes a string pointer to dissector_try_string(...) without
verifying that the pointer is pointing some place useful.

fix:
only call dissector_try_string(...) if the string pointer is not NULL.

and/or 

patch dissector_try_string(...) to return FALSE or assert if it is passed a
NULL.

I'll include patches for both.  The packet-rtsp.c patch should be applied
either way.  I'm ambivalent about the packet.c patch.
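
The two guards proposed in the report above, as an added example that is not part of the original report or of Wireshark's source. It is a simplified C model: try_string, find_media_type and dissect_body are hypothetical stand-ins, and it assumes the string in question is a header value that the truncated data never supplied.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for a string-keyed dissector table; not Wireshark types. */
typedef int (*handler_fn)(const char *rest);
struct entry { const char *key; handler_fn fn; };
static int handle_sdp(const char *rest) { return rest != NULL; }
static const struct entry table[] = { { "application/sdp", handle_sdp } };

/* Callee-side guard: a NULL key matches nothing, so it never reaches strcmp(). */
int try_string(const char *key, const char *rest)
{
    if (key == NULL)
        return 0;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].key, key) == 0)
            return table[i].fn(rest);
    return 0;
}

/* Returns NULL when the header is missing or its line is cut off (exact-case match). */
const char *find_media_type(const char *msg, char *out, size_t outlen)
{
    static const char name[] = "Content-Type: ";
    const char *p = strstr(msg, name);
    if (p == NULL)
        return NULL;
    p += sizeof name - 1;
    size_t n = strcspn(p, "\r\n");
    if (p[n] == '\0' || n >= outlen)
        return NULL;
    memcpy(out, p, n);
    out[n] = '\0';
    return out;
}

/* Caller-side guard: dispatch only when a media type was actually parsed. */
int dissect_body(const char *msg)
{
    char buf[64];
    const char *media_type = find_media_type(msg, buf, sizeof buf);
    if (media_type == NULL)
        return 0;
    return try_string(media_type, strstr(msg, "\r\n\r\n"));
}

int main(void)
{   /* Constructed samples: a complete reply, then one cut off mid-header. */
    int ok = dissect_body("RTSP/1.0 200 OK\r\nContent-Type: application/sdp\r\n\r\nv=0\r\n");
    return !(ok == 1 && dissect_body("RTSP/1.0 200 OK\r\nCSeq: 2\r\nConte") == 0);
}
```

With either guard removed the other still stops the NULL from reaching strcmp(), which is the argument for applying both patches.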

