Wireshark-commits: [Wireshark-commits] master-2.2 f177008: LDSS: Fix a read overrun in dissect_ldss
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Mon, 30 Apr 2018 13:23:24 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master-2.2
Repository: wireshark

Commits:

f177008 by Darius Davis (darius@xxxxxxxxxx):

    LDSS: Fix a read overrun in dissect_ldss_transfer.
    
    dissect_ldss_transfer had a trivial read overrun: "line" was not
    NUL-terminated, and strtol/g_ascii_strtoull will keep reading and discarding
    any leading whitespace, so a malformed LDSS packet (with only whitespace
    characters following the tag on a "Size:"/"Start:"/"Compression:" line) could
    trigger a read overrun.
    
    Let's replace the tvb_memdup with tvb_get_string_enc, which does some checking
    of the input characters (which, it seems, must always be ASCII), and produces a
    neat NUL-terminated string.
    
    Testing Done: On Linux x64, ran "valgrind tshark -r fuzz-2018-04-23-14422.pcap"
       without the fix (to reproduce the failure), and then with the fix, and
       observed that no errors were reported anymore after the fix. 60,000 iters of
       fuzz-test with ldss_filtered.pcap as input, plus 1,000 iters under valgrind.
       Launched wireshark and opened ldss_filtered.pcap, and examined the dissection
       of the "ldss and tcp" packets; All looks good.
    
    Bug: 14615
    Change-Id: I3fccc4ffbe315a3cff6ea03cc7db37f884b0582c
    Reviewed-on: https://code.wireshark.org/review/27204
    Petri-Dish: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    (cherry picked from commit 295abe2e83ba8428e84e7ff9b2f6f94ae948fa76)
    Reviewed-on: https://code.wireshark.org/review/27223
    

Actions performed:

    from  0f87e8e   [Automatic update for 2018-04-29]
    adds  f177008   LDSS: Fix a read overrun in dissect_ldss_transfer.


Summary of changes:
 epan/dissectors/packet-ldss.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)