Wireshark mailing list archives

Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults


From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Tue, 12 Jul 2016 18:37:42 -0400

On Tue, Jul 12, 2016 at 2:11 PM, Miroslav Rovis <miro.rovis () croatiafidelis hr> wrote:

And now the problem. I figured out something was wrong because my
(primitive) program:
https://github.com/miroR/tshark-streams.git
wouldn't get SSL streams either as ascii (text) or as binary (raw)
(see the script pls.).

Samples for checking with the above versions are only two files from. I
used these because the trace is short enough, and all is already
posted:
http://www.croatiafidelis.hr/foss/cap/cap-160606-dns-hr/

dump_160606_1328_g0n.pcap
        and
dump_160606_1xxx_SSLKEYLOGFILE.txt

Now, running this command with a greater version than 2.0.2 of Wireshark
(such as 2.1.0):

tshark -o "ssl.keylog_file: dump_160606_1xxx_SSLKEYLOGFILE.txt" -r \
        "dump_160606_1328_g0n.pcap" -T fields -e data -qz follow,ssl,raw,0 \
        | grep -E '[[:print:]]' > dump_160606_1328_g0n_s000-ssl.raw

gets me these in the syslog:


[...]


Jul 12 18:01:53 g0n kernel: [158754.612649] traps: tshark[11975] general protection ip:23c0292717 sp:3cdf3aec7f0 error:0 in tshark[23c026e000+43000]

Jul 12 18:01:53 g0n kernel: [158754.612673] grsec: (miro:U:/) Segmentation fault occurred at            (nil) in /usr/bin/tshark[tshark:11975] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:29776] uid/euid:1000/1000 gid/egid:1000/1000


tshark is crashing due to a segmentation violation.  That's a bug.  Please
open a bug report:

https://bugs.wireshark.org

Please attach the capture file and include your instructions to reproduce
it from above (just so folks don't have to go retrieve that from the email
and your web site).
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users