Wireshark-bugs: [Wireshark-bugs] [Bug 8735] New: USB CCID dissector "runs off the rails" when tr
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 30 May 2013 13:55:53 +0000
Bug ID 8735
Summary USB CCID dissector "runs off the rails" when trying to dissect non-existent RDR_to_PC_DataBlock payloads
Classification Unclassified
Product Wireshark
Version SVN
Hardware All
OS All
Status UNCONFIRMED
Severity Minor
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter tyson.key@gmail.com 

Created attachment 10866 [details]
A patch that checks to see if usbccid.dwLength == 0, before trying to dissect
non-existent RDR_to_PC_DataBlock payloads

Build Information:
wireshark 1.11.0 (SVN Rev 49595 from /trunk)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.13, with Cairo 1.12.2, with Pango 1.30.1, with
GLib 2.34.1, with libpcap, with libz 1.2.7, without POSIX capabilities, with
libnl 1, without SMI, without c-ares, without ADNS, without Lua, without
Python,
without GnuTLS, with Gcrypt 1.5.0, without Kerberos, without GeoIP, without
PortAudio, without AirPcap.

Running on Linux 3.5.0-28-generic, with locale ja_JP.UTF-8, with libpcap
version
1.5.0-PRE-GIT_2013_04_17, with libz 1.2.7, Gcrypt 1.5.0.

Built using gcc 4.7.2.

--
It appears that when a USB CCID subdissector (in this case, ISO 7816) is
enabled, and usbccid.dwLength == 0 for RDR_to_PC_DataBlock packets, a pointless
attempt at dissecting a non-existent payload is made, and the packet is
(incorrectly?) marked as "malformed".

The attached patch should remedy this issue.

You are receiving this mail because:
  • You are watching all bug changes.