Wireshark · Wireshark-users: Re: [Wireshark-users] in >wireshark-2.0.2, tshark follow ssl stream segfaults

[Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>]

On Tue, Jul 12, 2016 at 2:11 PM, Miroslav Rovis <miro.rovis@xxxxxxxxxxxxxxxxx> wrote:

And now the problem. I figured out something was wrong because my
(primitive) program:
https://github.com/miroR/tshark-streams.git
wouldn't get SSL streams neither as ascii (text) nor as binary (raw)
(see the script pls.).

Samples for checking with the above versions are only two files from. I
used these because the trace is short enough, and all is already
posted:
http://www.croatiafidelis.hr/foss/cap/cap-160606-dns-hr/

dump_160606_1328_g0n.pcap
        and
dump_160606_1xxx_SSLKEYLOGFILE.txt

Now, running this command with greater version than 2.0.2 of Wireshark
(such as 2.1.0):

tshark -o "ssl.keylog_file: dump_160606_1xxx_SSLKEYLOGFILE.txt" -r \
        "dump_160606_1328_g0n.pcap" -T fields -e data -qz follow,ssl,raw,0 \
        | grep -E '[[:print:]]' > dump_160606_1328_g0n_s000-ssl.raw

gets me these in the syslog:

[...]
 

Jul 12 18:01:53 g0n kernel: [158754.612649] traps: tshark[11975] general
protection ip:23c0292717 sp:3cdf3aec7f0 error:0 in
tshark[23c026e000+43000]

Jul 12 18:01:53 g0n kernel: [158754.612673] grsec: (miro:U:/)
Segmentation fault occurred at            (nil) in
/usr/bin/tshark[tshark:11975] uid/euid:1000/1000 gid/egid:1000/1000,
parent /bin/bash[bash:29776] uid/euid:1000/1000 gid/egid:1000/1000

tshark is crashing due to a segmentation violation.  That's a bug.  Please open a bug report:

https://bugs.wireshark.org

Please attach the capture file and include your instructions to reproduce it from above (just so folks don't have to go retrieve that from the email and your web site).