Wireshark-bugs: [Wireshark-bugs] [Bug 6663] New: Large packet length crashes Wireshark

Date: Mon, 12 Dec 2011 10:57:48 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663

           Summary: Large packet length crashes Wireshark
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Critical
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: gerald@xxxxxxxxxxxxx


Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Laurent Butti discovered the following:

----

Here is an airopeek file triggering a SIGSEGV (allowing remote attackers to
cause a denial of service). It was successfully tested on 1.6.3 and 1.6.4
releases.

If you need further information, feel free to ask.

Thanks,
Laurent Butti.

----

(gdb) run
Starting program: /usr/local/bin/tshark -nVxr test2.apc

Program received signal SIGSEGV, Segmentation fault.
0x08056422 in print_hex_data (stream=0x88037a8, edt=0xbfffe624) at print.c:847
847        multiple_sources = (edt->pi.data_src->next != NULL);
(gdb) bt
#0  0x08056422 in print_hex_data (stream=0x88037a8, edt=0xbfffe624)
    at print.c:847
#1  0x0806c529 in print_packet (cf=<optimized out>, edt=<optimized out>)
    at tshark.c:3298
#2  0x0806df16 in process_packet (cf=0x8081e20, offset=<optimized out>,
    whdr=0x88037cc, pseudo_header=0x88037e0, pd=0x8808648 "\200",
    filtering_tap_listeners=<optimized out>, tap_flags=4) at tshark.c:2918
#3  0x08051fd6 in load_cap_file (max_byte_count=0, max_packet_count=0,
    out_file_name_res=0, out_file_type=-1073747096, save_file=0x0,
    cf=<optimized out>) at tshark.c:2718
#4  main (argc=3, argv=0xbfffec74) at tshark.c:1717

Breakpoint 1, print_hex_data (stream=0x88037a8, edt=0xbfffe624) at print.c:831
831    {
(gdb) step
847        multiple_sources = (edt->pi.data_src->next != NULL);
(gdb) print edt
$2 = (epan_dissect_t *) 0xbfffe624
(gdb) print edt->pi.data_src
$3 = (GSList *) 0x0
