[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #1 from fuwa3-...@yahoo.com ---
Created attachment 17629
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17629&action=edit
gdb backtrace of crash

--
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:    Wireshark-bugs mailing list
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Jim Young changed:

           What    |Removed      |Added
     Ever confirmed|0            |1
             Status|UNCONFIRMED  |CONFIRMED
                 CC|             |jyo...@gsu.edu

--- Comment #2 from Jim Young ---
Enabling 2-pass processing will trigger crash with tshark:

> $ tshark -2 -r sample2.pcap
> Segmentation fault: 11
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Peter Wu changed:

           What    |Removed      |Added
             Status|CONFIRMED    |IN_PROGRESS
                 CC|             |pe...@lekensteyn.nl

--- Comment #3 from Peter Wu ---
This issue was reported before in https://code.wireshark.org/review/35812

WireGuard heuristics operate based on the UDP payload. The capture triggers a
crash because:

1. Pass 1: packet 1 starts with 0x01, but is 543 bytes, not WireGuard.
2. Pass 1: packet 2 starts with 0x01 and is exactly 148 bytes, so the stream is
   assumed to be WireGuard.
3. Pass 2: packet 1 is now considered WireGuard. However, the dissector assumed
   processing to already have happened on the first pass, which is not the case.
   Hence a null-pointer dereference crash.

There are a couple of things that should be done here.

Question for you, was the original capture actually a WireGuard trace? If not,
then the heuristics should probably be improved as well.
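The two-pass sequence described in comment #3, modelled as an added C example; it is not Wireshark's code and not the content of the patches referenced in this thread. `conv_t`, `dissect`, `replay_two_pass` and the `FIX_*` switches are hypothetical names, and the sample capture is constructed from the packet sizes given in the comment.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { FIX_NULL_CHECK = 1, FIX_LENGTH = 2 };              /* hypothetical switches */
typedef struct { unsigned char type; size_t len; } pkt_t; /* UDP payload summary */
typedef struct { int state; } pkt_info_t;                 /* filled in on pass 1 only */
typedef struct {
    bool is_wg;              /* sticky: set once the heuristic accepts a packet */
    pkt_info_t *info[4];     /* NULL when pass 1 never dissected that packet */
    pkt_info_t slots[4];
} conv_t;

/* Constructed from comment #3: packet 1 is 543 bytes, packet 2 is 148 bytes. */
static const pkt_t SAMPLE[] = { {0x01, 543}, {0x01, 148} };

static bool looks_like_initiation(const pkt_t *p) {
    return p->type == 0x01 && p->len == 148;
}

/* Returns 1 = dissected, 0 = not WireGuard, -1 = NULL would be dereferenced. */
static int dissect(conv_t *c, const pkt_t *p, size_t i, bool pass1, unsigned fixes) {
    if (!c->is_wg) {
        if (!looks_like_initiation(p)) return 0;
        c->is_wg = true;     /* from now on every packet of the stream is claimed */
    }
    if ((fixes & FIX_LENGTH) && !looks_like_initiation(p)) return 0;
    if (pass1) {             /* per-packet data is only created on the first pass */
        c->slots[i].state = 1;
        c->info[i] = &c->slots[i];
    }
    if (c->info[i] == NULL)  /* packet skipped on pass 1, claimed on pass 2 */
        return (fixes & FIX_NULL_CHECK) ? 0 : -1;
    return c->info[i]->state;
}

/* Replays the capture twice (as tshark -2 does); counts NULL dereferences. */
static int replay_two_pass(const pkt_t *cap, size_t n, unsigned fixes) {
    conv_t c = {0};
    int null_hits = 0;
    for (int pass = 1; pass <= 2; pass++)
        for (size_t i = 0; i < n; i++)
            if (dissect(&c, &cap[i], i, pass == 1, fixes) < 0) null_hits++;
    return null_hits;
}
int main(void) {
    printf("none=%d null-check=%d length=%d\n", replay_two_pass(SAMPLE, 2, 0),
           replay_two_pass(SAMPLE, 2, FIX_NULL_CHECK), replay_two_pass(SAMPLE, 2, FIX_LENGTH));
    return 0;
}
```

Either switch alone removes the NULL access in this model: the null check tolerates missing first-pass data, and the length check stops the 543-byte packet from being claimed at all.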
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #4 from Gerrit Code Review ---
Change 36148 had a related patch set uploaded by Peter Wu:
WireGuard: fix null pointer crash

https://code.wireshark.org/review/36148
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #5 from Gerrit Code Review ---
Change 36149 had a related patch set uploaded by Peter Wu:
WireGuard: ignore messages with invalid lengths

https://code.wireshark.org/review/36149
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #6 from Gerrit Code Review ---
Change 36148 merged by Alexis La Goutte:
WireGuard: fix null pointer crash

https://code.wireshark.org/review/36148
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #7 from Gerrit Code Review ---
Change 36159 had a related patch set uploaded by Alexis La Goutte:
WireGuard: fix null pointer crash

https://code.wireshark.org/review/36159
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #8 from Gerrit Code Review ---
Change 36149 merged by Alexis La Goutte:
WireGuard: ignore messages with invalid lengths

https://code.wireshark.org/review/36149
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #9 from fuwa3-...@yahoo.com ---
> Question for you, was the original capture actually a WireGuard trace? If
> not, then the heuristics should probably be improved as well.

No, those packets are not Wireguard traffic.
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

--- Comment #10 from Gerrit Code Review ---
Change 36159 merged by Anders Broman:
WireGuard: fix null pointer crash

https://code.wireshark.org/review/36159
[Wireshark-bugs] [Bug 16394] Crash in wireguard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Peter Wu changed:

           What    |Removed      |Added
         Resolution|---          |FIXED
             Status|IN_PROGRESS  |RESOLVED

--- Comment #11 from Peter Wu ---
(In reply to fuwa3-wsh from comment #9)
> > Question for you, was the original capture actually a WireGuard trace? If
> > not, then the heuristics should probably be improved as well.
>
> No, those packets are not Wireguard traffic.

Hm, it looks like the heuristics have to be improved to avoid this. Until then,
you can disable the WireGuard protocol as a workaround.

The crash has been fixed in
v3.3.0rc0-574-gb2ee7a2876
v3.2.2rc0-53-g73c5fff899
[Wireshark-bugs] [Bug 16394] Crash in WireGuard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Gerald Combs changed:

           What    |Removed                        |Added
            Summary|Crash in wireguard dissector   |Crash in WireGuard dissector
[Wireshark-bugs] [Bug 16394] Crash in WireGuard dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394

Gerald Combs changed:

           What    |Removed      |Added
           See Also|             |http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9429