Wireshark-dev: Re: [Wireshark-dev] Crash in dissect_smb2_command
From: Paul Offord <[email protected]>
Date: Mon, 26 Sep 2016 14:50:45 +0000

OK – I’ve added a comment to the change.

 

From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Morriss
Sent: 26 September 2016 14:53
To: Developer support list for Wireshark <[email protected]>
Subject: Re: [Wireshark-dev] Crash in dissect_smb2_command

 

 

 

On Sun, Sep 25, 2016 at 12:47 PM, Paul Offord <[email protected]> wrote:

Hi,

 

Between 2.2 and the latest git a change seems to have been made to dissect_smb2_getinfo_request().  It now returns an integer based on the difference between two dissected values:

 

               offset = getinfo_offset + getinfo_size;

 

               return offset;

 

Unfortunately getinfo_offset and getinfo_size are sometimes zero and so a zero offset is returned.  On return to dissect_smb2_command there’s some fiddling around until we get to:

 

               proto_item_set_len(cmd_item, offset-old_offset);

 

The calculation of offset-old_offset yields a negative number which is passed to proto_item_set_len as a length parameter.  In proto_item_set_len we have:

 

               DISSECTOR_ASSERT(length >= 0);

 

Obviously this causes an exception.

 

Do I just feed this back as commentary on the Patch Set or should I raise a bug? 


Either one works but if you do the former you should be prepared to remember the comment and raise a bug if you don't get a response.

If the former, can you point me to the change because I can’t seem to find it?

 

"git log -p" is your friend for this kind of thing (or "git blame"):


______________________________________________________________________

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.

Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________