'[Wireshark-bugs] [Bug 11933] smb2_info_t structure isn't always passed down'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-bugs
Subject:    [Wireshark-bugs] [Bug 11933] smb2_info_t structure isn't always passed down
From:       bugzilla-daemon () wireshark ! org
Date:       2016-01-31 23:17:58
Message-ID: bug-11933-15-aFQIqeyLRC () https ! bugs ! wireshark ! org/bugzilla/
[Download RAW message or body]

--1454282280.1C1E0a2.14995
Date: Sun, 31 Jan 2016 23:18:00 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id933

--- Comment #1 from Stefan Metzmacher <metze@samba.org> ---
(In reply to Michael Mann from comment #0)
> Build Information:
> Paste the COMPLETE build information from "Help->About Wireshark",
> "wireshark -v", or "tshark -v".
> --
> While investigating bug 11931, I noticed that I couldn't duplicate on master.
> The reason is that the smb2_info_t structure isn't passed down to the MS-WSP
> dissector.  The functionality of dissect_smb2_FSCTL_PIPE_TRANSCEIVE()
> changed with Ie6f28fd7, which ends up calling heuristic dissection with no
> "dissector data".  Since MS-WSP requires dissector data (smb2_info_t
> structure), it won't hit the crash found by the fuzzbot.
> I think the solution may be as simple as passing the dissector data through
> the heuristic dissection attempt, but I'll let those more familiar with the
> protocols ponder it.

Yes, I think passing 'si' instead of NULL as the last argument
of all dissector_try_heuristic() calls in dissect_file_data_smb2_pipe()
is the correct fix for now.

si might still be NULL in some cases, but it's better than nothing.

--
You are receiving this mail because:
You are watching all bug changes.

--1454282280.1C1E0a2.14995
Date: Sun, 31 Jan 2016 23:18:00 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<html>
    <head>
      <base href="https://bugs.wireshark.org/bugzilla/" />
      <style>
        body, th, td {
            font-size: 12px;
            font-family: Arial, Helvetica, sans-serif; }
        p, pre { margin-top: 1em; }
        pre {
            font-family: Bitstream Vera Sans Mono, Consolas, Lucida Console, \
monospace;  white-space: pre-wrap;
	}
        table { border: 0; border-spacing: 0; border-collapse: collapse; }
        th, td {
            padding: 0.25em;
            padding-left: 0.5em;
            padding-right: 0.5em;
        }
        th { background: rgb(240, 240, 240); }
        th.th_top { border-bottom: 1px solid rgb(116, 126, 147); }
        th.th_left { border-right: 1px solid rgb(116, 126, 147); }
        td.removed { background-color: #ffcccc; }
        td.added { background-color: #e4ffc7; }
      </style>
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_CONFIRMED "
   title="CONFIRMED - smb2_info_t structure isn't always passed down"
   href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11933#c1">Comment # \
1</a>  on <a class="bz_bug_link 
          bz_status_CONFIRMED "
   title="CONFIRMED - smb2_info_t structure isn't always passed down"
   href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11933">bug 11933</a>
              from <span class="vcard"><a class="email" \
href="mailto:metze&#64;samba.org" title="Stefan Metzmacher \
&lt;metze&#64;samba.org&gt;"> <span class="fn">Stefan Metzmacher</span></a> \
                </span></b>
        <pre>(In reply to Michael Mann from <a \
href="show_bug.cgi?id=11933#c0">comment #0</a>) <span class="quote">&gt; Build \
Information: &gt; Paste the COMPLETE build information from &quot;Help-&gt;About \
Wireshark&quot;, &gt; &quot;wireshark -v&quot;, or &quot;tshark -v&quot;.
&gt; --
&gt; While investigating <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED FIXED - Buildbot crash output: fuzz-2015-12-25-14359.pcap"
   href="show_bug.cgi?id=11931">bug 11931</a>, I noticed that I couldn't duplicate on \
master. &gt; The reason is that the smb2_info_t structure isn't passed down to the \
MS-WSP &gt; dissector.  The functionality of dissect_smb2_FSCTL_PIPE_TRANSCEIVE()
&gt; changed with <a \
href="https://code.wireshark.org/review/#q,Ie6f28fd7,n,z">Ie6f28fd7</a>, which ends \
up calling heuristic dissection with no &gt; &quot;dissector data&quot;.  Since \
MS-WSP requires dissector data (smb2_info_t &gt; structure), it won't hit the crash \
found by the fuzzbot. &gt; I think the solution may be as simple as passing the \
dissector data through &gt; the heuristic dissection attempt, but I'll let those more \
familiar with the &gt; protocols ponder it.</span >

Yes, I think passing 'si' instead of NULL as the last argument
of all dissector_try_heuristic() calls in dissect_file_data_smb2_pipe()
is the correct fix for now.

si might still be NULL in some cases, but it's better than nothing.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are watching all bug changes.</li>
      </ul>
    </body>
</html>

--1454282280.1C1E0a2.14995--



___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-request@wireshark.org?subject=unsubscribe

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic