Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12594] New: Infinite loop in add_headers() in packet

Wireshark-bugs: [Wireshark-bugs] [Bug 12594] New: Infinite loop in add_headers() in packet_wsp.c

Date: Fri, 08 Jul 2016 00:44:28 +0000

Bug ID	12594
Summary	Infinite loop in add_headers() in packet_wsp.c
Product	Wireshark
Version	2.0.4
Hardware	x86-64
OS	All
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	c.benedict@prometheuscomputing.com

Created attachment 14708 [details]
Sample generated with AFL

Build Information:
TShark (Wireshark) 2.0.4

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with libz 1.2.8, with GLib 2.48.1, without SMI, with c-ares 1.11.0, with Lua
5.2, with GnuTLS 3.4.13, with Gcrypt 1.7.1, with MIT Kerberos, with GeoIP.

Running on Linux 4.6.3-1-ARCH, with locale en_US.utf8, with libpcap version
1.7.4, with libz 1.2.8, with GnuTLS 3.4.13, with Gcrypt 1.7.1.
       Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz (with SSE4.2)

Built using gcc 6.1.1 20160602.
--
This issue was uncovered with AFL (http://lcamtuf.coredump.cx/afl/)

This infinite loop is caused by an offset of 0 being returned by
wkh_content_disposition(). This offset of 0 prevents the while loop using
"offset < tvb_len" from returning and results in an infinite loop.

This issue has been observed in both tshark 1.12.x and 2.0.x.

Credit goes to Chris Benedict, Aurelien Delaitre, NIST SAMATE Project,
https://samate.nist.gov

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12471] ciscodump and sshdump crash when launching Wireshark.app due to missing libssh.4.dylib
Next by Date: [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
Previous by thread: [Wireshark-bugs] [Bug 12471] ciscodump and sshdump crash when launching Wireshark.app due to missing libssh.4.dylib
Next by thread: [Wireshark-bugs] [Bug 12594] Infinite loop in add_headers() in packet_wsp.c
Index(es):
- Date
- Thread