First published: Tue Aug 21 2012(Updated: )
Description of problem: When opening certain capture files, wireshark hangs forever in an endless loop. Version-Release number of selected component (if applicable): wireshark-1.6.8-1.fc16.x86_64 I compiled wireshark 1.8.2 from source and did not see this problem any more. How reproducible: always Steps to Reproduce: 1. open capture file with wireshark Actual results: hangs after reading ~25% of the data Expected results: opens file successfully Additional info: #0 tvb_get_ntohs (tvb=<optimized out>, offset=<optimized out>) at tvbuff.c:1163 #1 0x00007fe66e6884ca in dissect_drda (tvb=0x7fe673ab7a40, pinfo=0x7fff420367f0, tree=0x0) at packet-drda.c:695 #2 0x00007fe66e688a9f in dissect_drda_heur (tree=0x0, pinfo=0x7fff420367f0, tvb=0x7fe673ab7a40) at packet-drda.c:819 #3 dissect_drda_heur (tvb=0x7fe673ab7a40, pinfo=0x7fff420367f0, tree=0x0) at packet-drda.c:803 #4 0x00007fe66e472844 in dissector_try_heuristic (sub_dissectors=<optimized out>, tvb=0x7fe673ab7a40, pinfo=0x7fff420367f0, tree=0x0) at packet.c:1657 #5 0x00007fe66ea32ba0 in decode_tcp_ports (tvb=<optimized out>, offset=<optimized out>, pinfo=0x7fff420367f0, tree=0x0, src_port=<optimized out>, dst_port=<optimized out>, tcpd=0x7fe656e2b080) at packet-tcp.c:3413 #6 0x00007fe66ea330a8 in process_tcp_payload (tvb=0x7fe673ab7980, offset=32, pinfo=0x7fff420367f0, tree=0x0, tcp_tree=0x0, src_port= 2049, dst_port=676, seq=0, nxtseq=0, is_tcp_segment=0, tcpd=0x7fe656e2b080) at packet-tcp.c:3458 #7 0x00007fe66ea33651 in desegment_tcp (tcpd=0x7fe656e2b080, tcp_tree=0x0, tree=0x0, dport=676, sport=2049, nxtseq=128380061, seq= 128380023, offset=32, pinfo=0x7fff420367f0, tvb=0x7fe673ab7980) at packet-tcp.c:1708 #8 dissect_tcp_payload (tvb=0x7fe673ab7980, pinfo=0x7fff420367f0, offset=<optimized out>, seq=<optimized out>, nxtseq=128380061, sport= 2049, dport=676, tree=0x0, tcp_tree=0x0, tcpd=0x7fe656e2b080) at packet-tcp.c:3525 #9 0x00007fe66ea34ac0 in dissect_tcp (tvb=<optimized out>, pinfo=0x7fff420367f0, tree=0x0) at packet-tcp.c:4233 #10 0x00007fe66e4706e0 in call_dissector_through_handle (handle=0x7fe672eaafa0, tvb=0x7fe673ab7980, pinfo=0x7fff420367f0, tree=0x0) at packet.c:420 #11 0x00007fe66e470db5 in call_dissector_work (handle=0x7fe672eaafa0, tvb=0x7fe673ab7980, pinfo_arg=0x7fff420367f0, tree=0x0, add_proto_name=1) at packet.c:511 #12 0x00007fe66e4718e6 in dissector_try_uint_new (sub_dissectors=<optimized out>, uint_val=6, tvb=0x7fe673ab7980, pinfo=0x7fff420367f0, tree=0x0, add_proto_name=1) at packet.c:923 #13 0x00007fe66e7a931d in dissect_ip (tvb=0x7fe673ab7b60, pinfo=<optimized out>, parent_tree=0x0) at packet-ip.c:1841 #14 0x00007fe66e4706e0 in call_dissector_through_handle (handle=0x7fe672aaff90, tvb=0x7fe673ab7b60, pinfo=0x7fff420367f0, tree=0x0) at packet.c:420 #15 0x00007fe66e470db5 in call_dissector_work (handle=0x7fe672aaff90, tvb=0x7fe673ab7b60, pinfo_arg=0x7fff420367f0, tree=0x0, add_proto_name=1) at packet.c:511 #16 0x00007fe66e4718e6 in dissector_try_uint_new (sub_dissectors=<optimized out>, uint_val=2048, tvb=0x7fe673ab7b60, pinfo= 0x7fff420367f0, tree=0x0, add_proto_name=1) at packet.c:923 #17 0x00007fe66e6b21d7 in ethertype (etype=2048, tvb=0x7fe673ab7aa0, offset_after_etype=14, pinfo=0x7fff420367f0, tree=0x0, fh_tree=0x0, etype_id=18803, trailer_id=18805, fcs_len=-1) at packet-ethertype.c:262 #18 0x00007fe66e6b0e59 in dissect_eth_common (tvb=0x7fe673ab7aa0, pinfo=0x7fff420367f0, parent_tree=0x0, fcs_len=-1) at packet-eth.c:348 #19 0x00007fe66e4706e0 in call_dissector_through_handle (handle=0x7fe6729356b0, tvb=0x7fe673ab7aa0, pinfo=0x7fff420367f0, tree=0x0) at packet.c:420 #20 0x00007fe66e470db5 in call_dissector_work (handle=0x7fe6729356b0, tvb=0x7fe673ab7aa0, pinfo_arg=0x7fff420367f0, tree=0x0, add_proto_name=1) at packet.c:511 #21 0x00007fe66e4718e6 in dissector_try_uint_new (sub_dissectors=<optimized out>, uint_val=1, tvb=0x7fe673ab7aa0, pinfo=0x7fff420367f0, tree=0x0, add_proto_name=1) at packet.c:923 ---Type <return> to continue, or q <return> to quit--- #22 0x00007fe66e6e5ea9 in dissect_frame (tvb=0x7fe673ab7aa0, pinfo=0x7fff420367f0, parent_tree=0x0) at packet-frame.c:345 #23 0x00007fe66e4706e0 in call_dissector_through_handle (handle=0x7fe67297b180, tvb=0x7fe673ab7aa0, pinfo=0x7fff420367f0, tree=0x0) at packet.c:420 #24 0x00007fe66e470db5 in call_dissector_work (handle=0x7fe67297b180, tvb=0x7fe673ab7aa0, pinfo_arg=0x7fff420367f0, tree=0x0, add_proto_name=1) at packet.c:511 #25 0x00007fe66e473171 in call_dissector (handle=<optimized out>, tvb=0x7fe673ab7aa0, pinfo=0x7fff420367f0, tree=0x0) at packet.c:1864 #26 0x00007fe66e473594 in dissect_packet (edt=0x7fff420367e0, pseudo_header=0x0, pd=0x7fe673a2e890 "", fd=0x7fe673f6c6d0, cinfo=0x0) at packet.c:351 #27 0x00007fe6711311fd in add_packet_to_packet_list (fdata=0x7fe673f6c6d0, cf=0x7fe6714e6e60, dfcode=0x0, filtering_tap_listeners=0, tap_flags=<optimized out>, pseudo_header=0x7fe6739f6c40, buf=0x7fe673a2e890 "", add_to_packet_list=1, refilter=1) at file.c:1111 #28 0x00007fe6711314aa in read_packet (cf=0x7fe6714e6e60, dfcode=0x0, filtering_tap_listeners=0, tap_flags=4, offset=<optimized out>) at file.c:1200 #29 0x00007fe671131d48 in cf_read (cf=0x7fe6714e6e60, from_save=0) at file.c:609 #30 0x00007fe67111db5f in main (argc=0, argv=0x7fff42037428) at main.c:2877 The code hangs in this loop: dissect_drda () { [...] 693 while ((guint) (offset + 10) <= tvb_length(tvb)) 694 { 695 iCommand = tvb_get_ntohs(tvb, offset + 8); 696 iLength = tvb_get_ntohs(tvb, offset + 0); 697 /* iCommandEnd is the length of the packet up to the end of the current command */ 698 iCommandEnd += iLength; [...] 707 if (tree) 708 { [...] 776 } 777 else 778 { 779 /* No tree, advance directly to next command */ (gdb) 780 offset += iLength; 781 } 782 } tvb_get_ntohs() in line 696 returns 0, thus the "offset" variable never advances.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wireshark Wireshark | =1.8.0 | |
Wireshark Wireshark | =1.8.1 | |
Wireshark Wireshark | =1.8.2 | |
Wireshark Wireshark | =1.6.0 | |
Wireshark Wireshark | =1.6.1 | |
Wireshark Wireshark | =1.6.2 | |
Wireshark Wireshark | =1.6.3 | |
Wireshark Wireshark | =1.6.4 | |
Wireshark Wireshark | =1.6.5 | |
Wireshark Wireshark | =1.6.6 | |
Wireshark Wireshark | =1.6.7 | |
Wireshark Wireshark | =1.6.8 | |
Wireshark Wireshark | =1.6.9 | |
Wireshark Wireshark | =1.6.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.