Re: Crash in dissect_smb2_command

[Jeff Morriss <jeff.morriss.ws () gmail com>]

On Sun, Sep 25, 2016 at 12:47 PM, Paul Offord <Paul.Offord () advance7 com>
wrote:

> Hi,
>
>
>
> Between 2.2 and the latest git a change seems to have been made to
> dissect_smb2_getinfo_request().  It now returns an integer based on the
> difference between two dissected values:
>
>
>
>                offset = getinfo_offset + getinfo_size;
>
>
>
>                return offset;
>
>
>
> Unfortunately getinfo_offset and getinfo_size are sometimes zero and so a
> zero offset is returned.  On return to dissect_smb2_command there’s some
> fiddling around until we get to:
>
>
>
>                proto_item_set_len(cmd_item, offset-old_offset);
>
>
>
> The calculation of offset-old_offset yields a negative number which is
> passed to proto_item_set_len as a length parameter.  In proto_item_set_len
> we have:
>
>
>
>                DISSECTOR_ASSERT(length >= 0);
>
>
>
> Obviously this causes an exception.
>
>
>
> Do I just feed this back as commentary on the Patch Set or should I raise
> a bug?

Either one works but if you do the former you should be prepared to
remember the comment and raise a bug if you don't get a response.

If the former, can you point me to the change because I can’t seem to find
> it?

"git log -p" is your friend for this kind of thing (or "git blame"):

https://code.wireshark.org/review/17447

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe