Wireshark mailing list archives
Re: Crash in dissect_smb2_command
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 26 Sep 2016 09:53:25 -0400
On Sun, Sep 25, 2016 at 12:47 PM, Paul Offord <Paul.Offord () advance7 com> wrote:
> Hi,
>
> Between 2.2 and the latest git a change seems to have been made to dissect_smb2_getinfo_request(). It now returns an integer based on the difference between two dissected values:
>
>     offset = getinfo_offset + getinfo_size;
>     return offset;
>
> Unfortunately getinfo_offset and getinfo_size are sometimes zero and so a zero offset is returned. On return to dissect_smb2_command there’s some fiddling around until we get to:
>
>     proto_item_set_len(cmd_item, offset-old_offset);
>
> The calculation of offset-old_offset yields a negative number which is passed to proto_item_set_len as a length parameter. In proto_item_set_len we have:
>
>     DISSECTOR_ASSERT(length >= 0);
>
> Obviously this causes an exception.
>
> Do I just feed this back as commentary on the Patch Set or should I raise a bug?
Either one works but if you do the former you should be prepared to remember the comment and raise a bug if you don't get a response.

> If the former, can you point me to the change because I can’t seem to find it?
"git log -p" is your friend for this kind of thing (or "git blame"): https://code.wireshark.org/review/17447
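Added example, not part of the original posts and not Wireshark source: a stand-alone C model of the failure described in this thread, where an end offset derived only from two wire fields falls behind the starting offset and the resulting negative length trips the `length >= 0` check. The function names, the guard and the sample offsets are assumptions made for illustration.

```c
/* Stand-alone model of the failure discussed in this thread; not Wireshark source. */
#include <stdint.h>
#include <stdio.h>

/* As reported: the end offset comes only from two fields read off the wire,
 * so when both are zero the function returns 0 regardless of position. */
static int getinfo_end_reported(int cur, uint32_t getinfo_offset, uint32_t getinfo_size)
{
    (void)cur;
    return (int)(getinfo_offset + getinfo_size);
}

/* Hypothetical guard: compute in 64 bits and never move backwards. */
static int getinfo_end_guarded(int cur, uint32_t getinfo_offset, uint32_t getinfo_size)
{
    int64_t end = (int64_t)getinfo_offset + (int64_t)getinfo_size;
    if (end < cur || end > INT32_MAX)
        return cur;   /* untrusted fields point outside the sane range */
    return (int)end;
}

/* Stands in for the check quoted in the thread, DISSECTOR_ASSERT(length >= 0):
 * returns 1 if the length would be accepted, 0 if the assertion would fire. */
static int length_accepted(int length)
{
    return length >= 0;
}

/* Caller pattern from the thread: item length = offset - old_offset. */
static int item_len_reported(int old_offset, int cur, uint32_t off, uint32_t size)
{
    return getinfo_end_reported(cur, off, size) - old_offset;
}

static int item_len_guarded(int old_offset, int cur, uint32_t off, uint32_t size)
{
    return getinfo_end_guarded(cur, off, size) - old_offset;
}

int main(void)
{
    /* Constructed values: command starts at 64, request body parsed up to 104,
     * and the packet carries getinfo_offset = 0 and getinfo_size = 0. */
    int bad = item_len_reported(64, 104, 0, 0);
    int ok  = item_len_guarded(64, 104, 0, 0);
    printf("reported: len=%d accepted=%d\n", bad, length_accepted(bad));
    printf("guarded:  len=%d accepted=%d\n", ok, length_accepted(ok));
    return 0;
}
```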