Wireshark-bugs: [Wireshark-bugs] [Bug 8111] DTLS dissector crash
Date: Sun, 06 Jan 2013 03:57:09 +0000

Comment # 33 on bug 8111 from
(In reply to comment #23)
> Created attachment 9744
> Sanity checks in fragment_set_tot_len
> 
> These sanity checks also prevent the crash, although I'm not sure if they
> are perhaps overly strict?

In your patch, fd_head should be checked for NULL before it's dereferenced.
This case happens e.g. when fragment_set_tot_len() is called before
fragment_add() - like I suggested for DTLS. The order of these calls should be
changed back such that fragment_add() comes before fragment_set_tot_len().
Setting a length has no effect when no fragment was added for the given id.

The attached patch reverts my previous workaround and adds a NULL check to your
patch. This seems to fix #8111 and #8163.
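
The ordering issue described in this comment, shown on a simplified model. This is an added example, not Wireshark's source or the attached patch: the `toy_` functions, the table layout, the return codes and the specific length check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy reassembly table (constructed for illustration, not Wireshark's code). */
#define MAX_IDS 8
enum { FRAG_OK = 0, FRAG_NO_HEAD = -1, FRAG_BAD_LEN = -2, FRAG_FULL = -3 };

typedef struct {
    int      in_use;
    uint32_t id;
    uint32_t max_end;  /* highest offset+len seen so far */
    uint32_t tot_len;  /* 0 means "not announced yet" */
} frag_head;

static frag_head table[MAX_IDS];

static frag_head *toy_lookup(uint32_t id) {
    for (size_t i = 0; i < MAX_IDS; i++)
        if (table[i].in_use && table[i].id == id) return &table[i];
    return NULL;  /* no fragment was ever added for this id */
}

int toy_fragment_add(uint32_t id, uint32_t offset, uint32_t len) {
    if (len > UINT32_MAX - offset) return FRAG_BAD_LEN;  /* offset+len would wrap */
    frag_head *h = toy_lookup(id);
    for (size_t i = 0; h == NULL && i < MAX_IDS; i++)    /* first fragment: create head */
        if (!table[i].in_use) { h = &table[i]; *h = (frag_head){1, id, 0, 0}; }
    if (h == NULL) return FRAG_FULL;
    if (h->tot_len != 0 && offset + len > h->tot_len) return FRAG_BAD_LEN;
    if (offset + len > h->max_end) h->max_end = offset + len;
    return FRAG_OK;
}

int toy_fragment_set_tot_len(uint32_t id, uint32_t tot_len) {
    frag_head *fd_head = toy_lookup(id);
    if (fd_head == NULL) return FRAG_NO_HEAD;  /* check before any dereference */
    if (tot_len < fd_head->max_end) return FRAG_BAD_LEN;  /* assumed sanity check */
    fd_head->tot_len = tot_len;
    return FRAG_OK;
}

int main(void) {
    printf("set before add: %d\n", toy_fragment_set_tot_len(7, 100));
    printf("add fragment:   %d\n", toy_fragment_add(7, 0, 60));
    printf("set too short:  %d\n", toy_fragment_set_tot_len(7, 40));
    printf("set after add:  %d\n", toy_fragment_set_tot_len(7, 100));
    return 0;
}
```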

