[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-16 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #1 from fuwa3-...@yahoo.com ---
Created attachment 17629
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17629&action=edit
gdb backtrace of crash

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via: Wireshark-bugs mailing list
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-16 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Jim Young changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |CONFIRMED
                 CC|                            |jyo...@gsu.edu

--- Comment #2 from Jim Young  ---
Enabling 2-pass processing will trigger crash with tshark:

> $ tshark -2 -r sample2.pcap 
> Segmentation fault: 11


[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Peter Wu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |IN_PROGRESS
                 CC|                            |pe...@lekensteyn.nl

--- Comment #3 from Peter Wu  ---
This issue was reported before in https://code.wireshark.org/review/35812

WireGuard heuristics operate based on the UDP payload.
The capture triggers a crash because:
1. Pass 1: packet 1 starts with 0x01, but is 543 bytes, not WireGuard.
2. Pass 1: packet 2 starts with 0x01 and is exactly 148 bytes, so the stream is
assumed to be WireGuard.
3. Pass 2: packet 1 is now considered WireGuard. However, the dissector assumed
processing to already have happened on the first pass, which is not the case.
Hence a null-pointer dereference crash.

There are a couple of things that should be done here. Question for you, was
the original capture actually a WireGuard trace? If not, then the heuristics
should probably be improved as well.

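Added example, not part of the thread and not Wireshark source: a small C model of the two-pass sequence from comment #3, replaying the two packets (0x01/543 bytes, then 0x01/148 bytes) against a sticky per-stream verdict. All names are hypothetical, and the two guards are generic defensive checks named after the patch titles quoted in the thread; the actual changes are not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model of the sequence in comment #3. Every name here is
 * hypothetical; none of this is Wireshark source. */
enum outcome { NOT_WIREGUARD, DISSECTED, NULL_STATE_USED, SKIPPED_NO_STATE };
enum guard { GUARD_NONE = 0, GUARD_LENGTH = 1, GUARD_NULL = 2 };

typedef struct {
    uint8_t type;       /* first byte of the UDP payload */
    size_t len;         /* UDP payload length */
    const char *state;  /* per-packet data, created only on the first pass */
} packet;

/* Type 0x01 with exactly 148 bytes: the match described in the thread. */
static int looks_like_initiation(const packet *p) {
    return p->type == 0x01 && p->len == 148;
}

/* *stream_is_wg is the sticky per-stream verdict shared by both passes. */
static enum outcome dissect(packet *p, int *stream_is_wg, int first_pass, int guards) {
    if (!*stream_is_wg) {
        if (!looks_like_initiation(p)) return NOT_WIREGUARD;
        *stream_is_wg = 1;
    }
    /* Length guard: re-check the message even on an already-claimed stream. */
    if ((guards & GUARD_LENGTH) && !looks_like_initiation(p)) return NOT_WIREGUARD;
    if (first_pass) p->state = "first-pass data";
    /* Without the null guard, real code would dereference p->state here. */
    if (p->state == NULL)
        return (guards & GUARD_NULL) ? SKIPPED_NO_STATE : NULL_STATE_USED;
    return DISSECTED;
}

/* Replays both passes over the two packets; returns packet idx's pass-2 outcome. */
enum outcome second_pass_outcome(int guards, int idx) {
    packet pkts[2] = { { 0x01, 543, NULL }, { 0x01, 148, NULL } };
    enum outcome last[2] = { NOT_WIREGUARD, NOT_WIREGUARD };
    int stream_is_wg = 0;
    for (int pass = 1; pass <= 2; pass++)
        for (int i = 0; i < 2; i++)
            last[i] = dissect(&pkts[i], &stream_is_wg, pass == 1, guards);
    return last[idx];
}

int main(void) {
    printf("packet 1 on pass 2, unguarded: %d\n", second_pass_outcome(GUARD_NONE, 0));
    return 0;
}
```

Either guard alone keeps packet 1 from reaching code that expects first-pass data; the length guard additionally stops the non-WireGuard packet from being labelled WireGuard at all.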

[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #4 from Gerrit Code Review  ---
Change 36148 had a related patch set uploaded by Peter Wu:
WireGuard: fix null pointer crash

https://code.wireshark.org/review/36148


[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #5 from Gerrit Code Review  ---
Change 36149 had a related patch set uploaded by Peter Wu:
WireGuard: ignore messages with invalid lengths

https://code.wireshark.org/review/36149


[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #6 from Gerrit Code Review  ---
Change 36148 merged by Alexis La Goutte:
WireGuard: fix null pointer crash

https://code.wireshark.org/review/36148


[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #7 from Gerrit Code Review  ---
Change 36159 had a related patch set uploaded by Alexis La Goutte:
WireGuard: fix null pointer crash

https://code.wireshark.org/review/36159


[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #8 from Gerrit Code Review  ---
Change 36149 merged by Alexis La Goutte:
WireGuard: ignore messages with invalid lengths

https://code.wireshark.org/review/36149


[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-24 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #9 from fuwa3-...@yahoo.com ---
> Question for you, was the original capture actually a WireGuard trace? If 
> not, then the heuristics should probably be improved as well.

No, those packets are not Wireguard traffic.


[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #10 from Gerrit Code Review  ---
Change 36159 merged by Anders Broman:
WireGuard: fix null pointer crash

https://code.wireshark.org/review/36159


[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector

2020-02-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Peter Wu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|IN_PROGRESS                 |RESOLVED

--- Comment #11 from Peter Wu  ---
(In reply to fuwa3-wsh from comment #9)
> > Question for you, was the original capture actually a WireGuard trace? If 
> > not, then the heuristics should probably be improved as well.
> 
> No, those packets are not Wireguard traffic.

Hm, it looks like the heuristics have to be improved to avoid this. Until then,
you can disable the WireGuard protocol as a workaround.

The crash has been fixed in
v3.3.0rc0-574-gb2ee7a2876
v3.2.2rc0-53-g73c5fff899


[Wireshark-bugs] [Bug 16394] Crash in WireGuard dissector

2020-02-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Gerald Combs changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Crash in wireguard dissector|Crash in WireGuard dissector


[Wireshark-bugs] [Bug 16394] Crash in WireGuard dissector

2020-02-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Gerald Combs changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9429
