Wireshark-bugs: [Wireshark-bugs] [Bug 4008] New: Wireshark 1.2.1 crashes on Windows when ca

Date: Mon, 14 Sep 2009 09:16:03 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4008

           Summary: Wireshark 1.2.1 crashes on Windows when capturing
                    or attempt to open a file containing TLS 1.2
                    conversation
           Product: Wireshark
           Version: 1.2.1
          Platform: x86-64
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: adimcev@xxxxxxxxxxxxxx


Build Information:
Version 1.2.1 (SVN Rev 29141)
Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
--
Wireshark, version below (different Windows OS), crashes when capturing or
attempting to open a file containing a TLS 1.2 conversation; for example, see
the attached captures (within the zip archive).

Version 1.2.1 (SVN Rev 29141)
Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729

or

Version 1.2.1 (SVN Rev 29141)
Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.
Running on Windows Server 2003 Service Pack 2, build 3790, with WinPcap version
4.1 beta5 (packet.dll version 4.1.0.1452), based on libpcap version 1.0.0,
GnuTLS 2.8.1, Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729

or

Version 1.2.1 (SVN Rev 29141)

Compiled with GTK+ 2.14.7, with GLib 2.18.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, without libpcre, without SMI,
without c-ares, without ADNS, with Lua 5.1, without GnuTLS, without Gcrypt,
without Kerberos, without GeoIP, with PortAudio V19-devel (built Jul 19 2009),
without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Windows Vista, build 7600, with WinPcap version 4.1 beta5
(packet.dll
version 4.1.0.1452), based on libpcap version 1.0.0.

Built using Microsoft Visual C++ 9.0 build 30729


The captures were taken on a Debian VM (using promiscuous mode) which did not
crash, running:
Version 1.0.2
Compiled with GTK+ 2.12.12, with GLib 2.16.6, with libpcap 0.9.8, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.6, without SMI, with
ADNS, with Lua 5.1, with GnuTLS 2.4.2, with Gcrypt 1.4.1, with MIT Kerberos,
with PortAudio V19-devel (built Oct 12 2008), without AirPcap.
Running on Linux 2.6.26-2-amd64, with libpcap version 0.9.8.
Built using gcc 4.3.2.


Also, I can open the attached captures on an Ubuntu 9 Desktop VM using a
built-from-source version like:
Version 1.2.1
Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without GnuTLS, without Gcrypt, without
Kerberos, without GeoIP, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.6.28-15-generic, with libpcap version 1.0.0.
Built using gcc 4.3.3.


You may duplicate the problem if you have a Windows 7 machine, use IE8 and
configure from Tools\Internet Option\Advanced, select only 'Use TLS 1.2' and go
to a web server capable of using TLS 1.2 like https://tls.woodgrovebank.com,
and take a capture on that machine itself or on another machine (XP, Windows
2003) using promiscuous mode.
Or if you have GnuTLS installed on an (XP) machine, use gnutls-cli with a
command like:
gnutls-cli --priority NONE:+VERS-TLS1.2:+AES-256-CBC:+RSA:+SHA256:+COMP-NULL --x509cafile 'CA file' tls.woodgrovebank.com --insecure
and capture the traffic on that machine.

