https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472

--- Comment #7 from Peter Wu <pe...@lekensteyn.nl> ---
Created attachment 16210
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16210&action=edit
Crafted crash reproducer

The previously proposed patch is insufficient: if the first TCP segment
contains the full HTTP message (+ a bit more), then the same crash would occur.
See the attached pcap, crafted with the following script:

from scapy.all import *
data1 = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nTest\n"
data2 = b"HTTP/1.1 400 Bad Request\r\n"     # note: missing \r\n
# Move the first byte of data2 onto the end of data1, so the first segment
# carries the full HTTP message plus a bit more.
data1, data2 = data1 + data2[:1], data2[1:]
p = [
    IP()/TCP(sport=8080, dport=2575, flags="A", seq=1)/data1,
    IP()/TCP(sport=8080, dport=2575, flags="SA", seq=1),
    IP()/TCP(sport=8080, dport=2575, flags="A", seq=1+len(data1))/data2,
]
wrpcap("bug14472-badhttp.pcap", p)

Note that both the original and this capture require the default configuration
(TCP and possibly HTTP headers reassembly must be enabled).

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs