Wireshark-commits: [Wireshark-commits] master 3ce60ed: dtls: do not try to add a zero-length fragme
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Sun, 23 Aug 2015 16:48:10 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3ce60ed112cfaac7483c22d182a165bbd22cb7de
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

3ce60ed by Peter Wu (peter@xxxxxxxxxxxxx):

    dtls: do not try to add a zero-length fragment
    
    fragment_add does not like adding zero-length fragments; it causes a
    zero-length memcpy to NULL.
    
    According to RFC 6347, fragment_offset=0 and fragment_length=length is
    an unfragmented message, so fragment>0 and fragment_length=length=0 is a
    fragmented message.
    
    An empty fragment does not extend a previous message, so ignore it.
    Such fragments are produced by at least GnuTLS 3.3.7[1], so raise a
    warning instead of an error.
    
    Caught by ubsan:
    
        epan/tvbuff.c:783:10: runtime error: null pointer passed as argument 1, which is declared to never be null
    
        #0 0x7f5319f6ed64 in tvb_memcpy epan/tvbuff.c:783
        ...
        #13 0x7f5319f27e2b in fragment_add epan/reassemble.c:1394
        #14 0x7f531a5c70a4 in dissect_dtls_handshake epan/dissectors/packet-dtls.c:1257
    
     [1]: http://comments.gmane.org/gmane.network.gnutls.general/3582
    
    Change-Id: I70bf16d2fb64793d0deaabe612147e238b743b2e
    Ping-Bug: 11358
    Reviewed-on: https://code.wireshark.org/review/9689
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  3703b4e   Fix ip_try_dissect() boolean return
    adds  3ce60ed   dtls: do not try to add a zero-length fragment


Summary of changes:
 epan/dissectors/packet-dtls.c |   10 ++++++++++
 1 file changed, 10 insertions(+)
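
The fragment rule from the commit message above, as an added C example that is not Wireshark's code and not part of this commit: it parses the 12-byte DTLS handshake header from RFC 6347 and classifies the message so that an empty fragment is skipped before any reassembly copy. The enum, struct and function names and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define DTLS_HS_HEADER_LEN 12  /* type(1) length(3) seq(2) frag_off(3) frag_len(3) */

/* Names below are this example's own, not Wireshark's. */
enum hs_kind { HS_TRUNCATED, HS_INVALID, HS_UNFRAGMENTED, HS_EMPTY_FRAGMENT, HS_FRAGMENT };

struct hs_header {
    uint8_t  msg_type;
    uint16_t message_seq;
    uint32_t length, fragment_offset, fragment_length;  /* 24-bit on the wire */
};

static uint32_t be24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Decide what to do with one handshake message before any reassembly copy. */
enum hs_kind classify_dtls_handshake(const uint8_t *buf, size_t len, struct hs_header *h)
{
    if (buf == NULL || len < DTLS_HS_HEADER_LEN)
        return HS_TRUNCATED;
    h->msg_type        = buf[0];
    h->length          = be24(buf + 1);
    h->message_seq     = (uint16_t)((buf[4] << 8) | buf[5]);
    h->fragment_offset = be24(buf + 6);
    h->fragment_length = be24(buf + 9);
    if (h->fragment_length > len - DTLS_HS_HEADER_LEN)
        return HS_TRUNCATED;          /* body shorter than the header claims */
    if (h->fragment_offset == 0 && h->fragment_length == h->length)
        return HS_UNFRAGMENTED;       /* includes legitimate zero-length messages */
    if (h->fragment_length == 0)
        return HS_EMPTY_FRAGMENT;     /* nothing to copy: warn and skip */
    if (h->fragment_offset + h->fragment_length > h->length)
        return HS_INVALID;            /* fragment runs past the message end */
    return HS_FRAGMENT;               /* non-empty: safe to hand to reassembly */
}

/* Constructed sample: msg_type 14, length 0, seq 3, fragment_offset 1, fragment_length 0. */
static const uint8_t sample_empty_fragment[DTLS_HS_HEADER_LEN] = { 14, 0,0,0, 0,3, 0,0,1, 0,0,0 };

int main(void)
{
    struct hs_header h;
    return classify_dtls_handshake(sample_empty_fragment, DTLS_HS_HEADER_LEN, &h) == HS_EMPTY_FRAGMENT ? 0 : 1;
}
```

The unfragmented check comes before the empty-fragment check so that a complete message with length 0 is still dissected rather than skipped.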