From ${URL} :

It was found that Wireshark crashes when processing (with "tshark -nr genbroad.snoop") a sample file from the Wireshark wiki page:

wget 'http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=genbroad.snoop' -O genbroad.snoop

Additional details:

* crash reason: strlen() called on invalid pointer (value 0x56998680 == 1452902016)
* the function set_dnet_address at packet-dec-dnart.c:355
* it is called 4 times
* the 2nd time is the one when the value is set
* the variable is called addr in the context of /epan/dissectors/packet-dec-dnart.c:357, function set_dnet_address
* the variable is called pinfo->src->data in the upper frames
* in this function, this macro modifies the value: SET_ADDRESS(paddr_tgt, AT_STRINGZ, 1, wmem_strdup(pinfo->pool, addr));
* it should set paddr_tgt->data = addr, but the value gets garbled by the cltq instruction:

..
|0x7ffff4d85522 dnet_address+50> callq 0x7ffff4b0d4b0 <wmem_strdup@plt>
|0x7ffff4d85527 dnet_address+55> cltq
..

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
As per the URL:

This bug should not exist in Wireshark 1.12.x, for all values of x, as the change that introduced the call to wmem_strdup() in packet-dec-dnart.c also added an include of <epan/wmem/wmem.h>.
______________________________

We only have 1.12 in tree so this is not vulnerable. Added to an existing GLSA Request.
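An added illustration, not part of the bug report or of Wireshark's code: it models in C what happens to a 64-bit pointer returned by a function called without a prototype (the compiler then assumes it returns int), which is what the cltq after the call to wmem_strdup shows. The sample addresses are constructed; only the value 0x56998680 comes from the report.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Value the caller sees when a 64-bit pointer comes back through a function
 * assumed to return int: only the low 32 bits (EAX) are kept, then they are
 * sign-extended to 64 bits, which is what cltq does on x86-64. */
static uint64_t through_implicit_int(uint64_t ptr)
{
    uint64_t low = ptr & 0xffffffffull;      /* upper half is discarded */
    if (low & 0x80000000ull)                 /* bit 31 set: sign extension */
        low |= 0xffffffff00000000ull;
    return low;
}

/* A pointer survives only if it already fits a sign-extended 32-bit value. */
static int survives(uint64_t ptr)
{
    return through_implicit_int(ptr) == ptr;
}

int main(void)
{
    /* Constructed sample addresses (assumptions, not taken from the report). */
    static const uint64_t samples[] = {
        0x00007fff56998680ull,  /* low 32 bits equal the bad value reported */
        0x00007fffd6998680ull,  /* bit 31 set: becomes 0xffffffff........ */
        0x0000000000601040ull,  /* low address: passes through unharmed */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t seen = through_implicit_int(samples[i]);
        printf("returned 0x%016" PRIx64 " -> caller sees 0x%016" PRIx64 " (%s)\n",
               samples[i], seen, survives(samples[i]) ? "intact" : "garbled");
    }
    return 0;
}
```

Building with -Werror=implicit-function-declaration (GCC and Clang) turns a call with a missing prototype into a compile error instead of a truncated pointer at run time.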
This issue was resolved and addressed in GLSA 201510-03 at https://security.gentoo.org/glsa/201510-03 by GLSA coordinator Kristian Fiskerstrand (K_F).