Wireshark-bugs: [Wireshark-bugs] [Bug 3689] New: dereference in packet-paltalk.c
Date: Wed, 8 Jul 2009 12:42:56 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689

           Summary: dereference in packet-paltalk.c
           Product: Wireshark
           Version: 1.2.0
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: packetsteve@xxxxxxxxxxx


Build Information:
TShark 1.2.0

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.17.7, with libpcap 0.9.4, with libz 1.1.3, without POSIX
capabilities, without libpcre, without SMI, without c-ares, with ADNS, without
Lua, without GnuTLS, with Gcrypt 1.2.2, without Kerberos, without GeoIP.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on SunOS 5.8, with libpcap version 0.9.4, Gcrypt 1.2.2.

Built using gcc 3.4.6.




--
packet-paltalk.c has a heuristic with this line.

        if (pinfo->net_src.type != AT_IPv4 || pinfo->net_dst.type != AT_IPv4
                        || pinfo->net_src.len != 4 || pinfo->net_dst.len != 4
                        || !pinfo->net_src.data || !pinfo->net_dst.data
                        || (((*(guint32*) pinfo->net_src.data) & PALTALK_SERVERS_NETMASK) != PALTALK_SERVERS_ADDRESS
                         && ((*(guint32*) pinfo->net_dst.data) & PALTALK_SERVERS_NETMASK) != PALTALK_SERVERS_ADDRESS))

The above dereference, *(guint32*) pinfo->net_src.data, 
may be invalid & crash Wireshark.


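Added example, not part of the original report and not Wireshark's code: one way a cast like the one quoted above can fault is when the address bytes are not 4-byte aligned on a strict-alignment CPU, and reading them one byte at a time avoids that. The `address` struct, the `AT_IPv4` value, the `EXAMPLE_*` constants (192.0.2.0/24) and all function names are stand-ins assumed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for this example only; not Wireshark's definitions. */
enum { AT_NONE = 0, AT_IPv4 = 2 };
typedef struct { int type; int len; const void *data; } address;

/* Constructed placeholder range 192.0.2.0/24 in host order, not Paltalk's. */
#define EXAMPLE_SERVERS_NETMASK 0xFFFFFF00u
#define EXAMPLE_SERVERS_ADDRESS 0xC0000200u

/* Read 4 network-order bytes individually: valid at any alignment,
 * unlike *(uint32_t *)p, which requires p to be suitably aligned. */
static uint32_t load_be32(const void *p)
{
    const uint8_t *b = (const uint8_t *)p;
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* 1 if the address bytes fall inside the example server range. */
static int in_server_range(const address *a)
{
    return (load_be32(a->data) & EXAMPLE_SERVERS_NETMASK)
           == EXAMPLE_SERVERS_ADDRESS;
}

/* Same accept rule as the quoted heuristic: both ends must be
 * well-formed IPv4 addresses and at least one must be in range. */
int example_heur_match(const address *src, const address *dst)
{
    if (src->type != AT_IPv4 || dst->type != AT_IPv4
        || src->len != 4 || dst->len != 4
        || src->data == NULL || dst->data == NULL)
        return 0;
    return in_server_range(src) || in_server_range(dst);
}

/* Constructed sample: two addresses stored at offsets 1 and 6 of a byte
 * buffer, so at least one of them cannot be 4-byte aligned. */
int example_misaligned_case(void)
{
    static const uint8_t buf[] = { 0, 192, 0, 2, 7, 0, 10, 1, 2, 3 };
    address src = { AT_IPv4, 4, buf + 1 };   /* 192.0.2.7 */
    address dst = { AT_IPv4, 4, buf + 6 };   /* 10.1.2.3  */
    return example_heur_match(&src, &dst);
}
```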