Wireshark-bugs: [Wireshark-bugs] [Bug 12742] New: Possible Null Pointer Dereference in packet-nt

Date: Mon, 15 Aug 2016 02:30:26 +0000
Bug ID 12742
Summary Possible Null Pointer Dereference in packet-ntlmssp.c
Product Wireshark
Version 2.0.5
Hardware x86
OS Fedora
Status UNCONFIRMED
Severity Trivial
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Build Information:
Wireshark 2.0.5 (Git Rev Unknown from unknown)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 4.8.7, with libpcap, without POSIX capabilities,
without libnl, with libz 1.2.8, with GLib 2.48.1, without SMI, without c-ares,
without ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos,
without GeoIP, with QtMultimedia, without AirPcap.

Running on Linux 4.6.5-300.fc24.x86_64, with locale en_US.UTF-8, with libpcap
version 1.7.4, with libz 1.2.8.
       Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz (with SSE4.2)

Built using gcc 6.1.1 20160510 (Red Hat 6.1.1-2).

--
I ran static code analysis (Cppcheck) on the codebase, and there is a null
pointer dereference for pass_list found in
epan/dissectors/packet-ntlmssp.c:583.  An examination of the code shows that
*pass_list is initialized to NULL upon declaration, and is dereferenced in line
583 with pass_list[i].md4.  Now pass_list will get populated in line 553 with
the get_md4pass_list function, but this code is only called if
HAVE_HEIMDAL_KERBEROS or HAVE_MIT_KERBEROS is defined.  A recursive search
revealed that they do get #defined in the configure script, but there is an
underlying assumption that these #defines will exist.  At the very least, line
583 should have the same #if defined(HAVE_HEIMDAL_KERBEROS) ||
defined(HAVE_MIT_KERBEROS) statement surrounding it.


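A simplified model of the pattern the report describes, added here as an illustration and not taken from packet-ntlmssp.c. Only pass_list, md4, get_md4pass_list and the two HAVE_*_KERBEROS macros come from the report; the md4_pass layout, the nb_pass count, the find_hash_* functions and the hash values are assumptions, and the guarded form uses a NULL check rather than the #if the reporter proposes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MD4_LEN 16
typedef struct { uint8_t md4[MD4_LEN]; } md4_pass;  /* assumed layout */

#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
/* Stand-in for get_md4pass_list(): returns two constructed hashes. */
static size_t get_md4pass_list(md4_pass **out)
{
    static md4_pass keytab[2] = { { { 0x11 } }, { { 0x22 } } };
    *out = keytab;
    return 2;
}
#endif

/* Reported pattern: pass_list is populated only inside the #if, but
 * pass_list[i].md4 is read outside it. Built without Kerberos support,
 * any nb_pass > 0 makes the loop read through a NULL pointer. */
int find_hash_unguarded(const uint8_t *wanted, size_t nb_pass)
{
    md4_pass *pass_list = NULL;
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
    nb_pass = get_md4pass_list(&pass_list);
#endif
    for (size_t i = 0; i < nb_pass; i++)
        if (memcmp(pass_list[i].md4, wanted, MD4_LEN) == 0)
            return (int)i;
    return -1;
}

/* Guarded form: the pointer is checked before use, so the result no
 * longer depends on which configure-time macros happen to be defined. */
int find_hash_guarded(const uint8_t *wanted, size_t nb_pass)
{
    md4_pass *pass_list = NULL;
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
    nb_pass = get_md4pass_list(&pass_list);
#endif
    if (pass_list == NULL)
        return -1;              /* no list was built: nothing to match */
    for (size_t i = 0; i < nb_pass; i++)
        if (memcmp(pass_list[i].md4, wanted, MD4_LEN) == 0)
            return (int)i;
    return -1;
}
```

Compiled with -DHAVE_MIT_KERBEROS, both functions find the constructed hash beginning 0x22 at index 1; without the macro, only the guarded function is safe to call with a nonzero count.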