ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] patching ASN.1 dissectors

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Thu, 31 Jan 2019 15:05:38 +0100
Le jeu. 31 janv. 2019 à 14:56, Dario Lombardo <lomato@xxxxxxxxx> a écrit :
Sure you may.
In dissect_UniDialoguePDU_PDU, the asn1_ctx context is created. But later, in dissect_tcap_AARQ_application_context_name, actx->value_ptr is casted and used.
I figured out that the right way to patch the code was to init the asn1_ctx with a proper value_ptr, when created.

It is already properly initialized: the dissect_UniDialoguePDU_PDU calls asn1_ctx_init() which properly sets the structure to 0.

Maybe that's not the right fix: if that's the case which patch do you suggest?

An exported PDU can be called from another dissector (presumably the registered OID in this case). IMHO the right fix is to modify the tcap.cnf file so as to check that p_tcap_private is not NULL before deferencing it (it is properly set when decoding a TCP message thanks to the dissect_tcap() function, but not when decoding a subset of a TCAP message called from another dissector). This needs to be done for all instances of p_tcap_private use.

Regards,
Pascal.
 

On Thu, Jan 31, 2019 at 2:29 PM Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi Dario,

Le jeu. 31 janv. 2019 à 14:24, Dario Lombardo <lomato@xxxxxxxxx> a écrit :
Hi
I want to fix a bug in the tcap dissector, specifically in the function dissect_UniDialoguePDU_PDU. This is a generated dissector, therefore I've looked for the generating code, but I got lost in the maze of the generation of this dissector.
Any help on which code in the tree I should change for this specific function?

This function is auto-generated by asn2wrs.py based on the EXPORTS directive found in tcap.cnf.
May I ask you what you want to fix? I hardly see what could be buggy in the function itself (all the EXPORTS functions assume that you have a byte aligned buffer; if this not the case for this specific payload then the EXPORTS directive should not be used and some manual code should  be written in the template file instead).

Best regards,
Pascal.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


-- 
Naima is online.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube