[prev in list] [next in list] [prev in thread] [next in thread]
List: wireshark-bugs
Subject: [Wireshark-bugs] [Bug 11933] smb2_info_t structure isn't always passed down
From: bugzilla-daemon () wireshark ! org
Date: 2016-01-31 23:17:58
Message-ID: bug-11933-15-aFQIqeyLRC () https ! bugs ! wireshark ! org/bugzilla/
[Download RAW message or body]
--1454282280.1C1E0a2.14995
Date: Sun, 31 Jan 2016 23:18:00 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id933
--- Comment #1 from Stefan Metzmacher <metze@samba.org> ---
(In reply to Michael Mann from comment #0)
> Build Information:
> Paste the COMPLETE build information from "Help->About Wireshark",
> "wireshark -v", or "tshark -v".
> --
> While investigating bug 11931, I noticed that I couldn't duplicate on master.
> The reason is that the smb2_info_t structure isn't passed down to the MS-WSP
> dissector. The functionality of dissect_smb2_FSCTL_PIPE_TRANSCEIVE()
> changed with Ie6f28fd7, which ends up calling heuristic dissection with no
> "dissector data". Since MS-WSP requires dissector data (smb2_info_t
> structure), it won't hit the crash found by the fuzzbot.
> I think the solution may be as simple as passing the dissector data through
> the heuristic dissection attempt, but I'll let those more familiar with the
> protocols ponder it.
Yes, I think passing 'si' instead of NULL as the last argument
of all dissector_try_heuristic() calls in dissect_file_data_smb2_pipe()
is the correct fix for now.
si might still be NULL in some cases, but it's better than nothing.
--
You are receiving this mail because:
You are watching all bug changes.
--1454282280.1C1E0a2.14995
Date: Sun, 31 Jan 2016 23:18:00 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<base href="https://bugs.wireshark.org/bugzilla/" />
<style>
body, th, td {
font-size: 12px;
font-family: Arial, Helvetica, sans-serif; }
p, pre { margin-top: 1em; }
pre {
font-family: Bitstream Vera Sans Mono, Consolas, Lucida Console, \
monospace; white-space: pre-wrap;
}
table { border: 0; border-spacing: 0; border-collapse: collapse; }
th, td {
padding: 0.25em;
padding-left: 0.5em;
padding-right: 0.5em;
}
th { background: rgb(240, 240, 240); }
th.th_top { border-bottom: 1px solid rgb(116, 126, 147); }
th.th_left { border-right: 1px solid rgb(116, 126, 147); }
td.removed { background-color: #ffcccc; }
td.added { background-color: #e4ffc7; }
</style>
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - smb2_info_t structure isn't always passed down"
href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11933#c1">Comment # \
1</a> on <a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - smb2_info_t structure isn't always passed down"
href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11933">bug 11933</a>
from <span class="vcard"><a class="email" \
href="mailto:metze@samba.org" title="Stefan Metzmacher \
<metze@samba.org>"> <span class="fn">Stefan Metzmacher</span></a> \
</span></b>
<pre>(In reply to Michael Mann from <a \
href="show_bug.cgi?id=11933#c0">comment #0</a>) <span class="quote">> Build \
Information: > Paste the COMPLETE build information from "Help->About \
Wireshark", > "wireshark -v", or "tshark -v".
> --
> While investigating <a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - Buildbot crash output: fuzz-2015-12-25-14359.pcap"
href="show_bug.cgi?id=11931">bug 11931</a>, I noticed that I couldn't duplicate on \
master. > The reason is that the smb2_info_t structure isn't passed down to the \
MS-WSP > dissector. The functionality of dissect_smb2_FSCTL_PIPE_TRANSCEIVE()
> changed with <a \
href="https://code.wireshark.org/review/#q,Ie6f28fd7,n,z">Ie6f28fd7</a>, which ends \
up calling heuristic dissection with no > "dissector data". Since \
MS-WSP requires dissector data (smb2_info_t > structure), it won't hit the crash \
found by the fuzzbot. > I think the solution may be as simple as passing the \
dissector data through > the heuristic dissection attempt, but I'll let those more \
familiar with the > protocols ponder it.</span >
Yes, I think passing 'si' instead of NULL as the last argument
of all dissector_try_heuristic() calls in dissect_file_data_smb2_pipe()
is the correct fix for now.
si might still be NULL in some cases, but it's better than nothing.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>
--1454282280.1C1E0a2.14995--
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic