ssh: don't crash when computing hash.

Apparently, it's possible for ssh_keylog_compute_hash() to be called with
a struct ssh_flow_data structure with a null kex_e; if it is, give up on
computing the hash before we try dereferencing global_data->kex_e.

See, for example, the capture at

https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=Example1.pcap

which crashed if I ran a TShark, built from the tip of the master branch:

TShark (Wireshark) 3.3.0 (v3.3.0rc0-1806-g79e43ef98d59)

Copyright 1998-2020 Gerald Combs <gerald@wireshark.org> and
contributors.  License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html> This is free software; see
the source for copying conditions.  There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap (including remote capture support),
without POSIX capabilities, with GLib 2.37.6, with zlib 1.2.11, with SMI
0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.4.17, with
Gcrypt 1.7.7, with MIT Kerberos, with MaxMind DB resolver, with nghttp2
1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2
2.9.9.

Running on Mac OS X 10.15.6, build 19G73 (Darwin 19.6.0), with Intel(R)
Core(TM) i9-9980HK CPU @ 2.40GHz (with SSE4.2), with 65536 MB of
physical memory, with locale en_US.UTF-8, with libpcap version
1.10.0-PRE-GIT, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with brotli
1.0.7, with zlib 1.2.11, binary plugins supported (0 loaded).

Built using clang 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.32.62).

with "tshark -n -V -r Example1.pcap".

Change-Id: Icc534b488e5b486597162e54c725afb54ad61c05
Reviewed-on: https://code.wireshark.org/review/38113
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Guy Harris 2020-08-10 11:26:16 -07:00
parent 9b07412277
commit 48a6ea0e05
1 changed files with 4 additions and 0 deletions

@ -1606,6 +1606,10 @@ ssh_keylog_compute_hash(tvbuff_t *tvb, int offset,
ssh_keylog_read_file();
if (global_data->kex_e == NULL) {
return;
}
length = tvb_get_ntohl(tvb, offset);
kex_f.length = length;
kex_f.data = (gchar *)tvb_memdup(wmem_packet_scope(), tvb, offset + 4, length);
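
Review bot: The new global_data->kex_e == NULL check returns silently and carries no comment, so a reader of ssh_keylog_compute_hash() cannot tell which traffic leaves kex_e unset or that the hash is simply skipped for that flow. Add a one-line comment above the check stating when kex_e can be NULL (the commit message only says it is apparently possible), for example a capture that does not contain the message that sets it. The check also sits after the call to ssh_keylog_read_file(); if the key log does not need to be read when the hash cannot be computed, moving the guard above that call would avoid the work. If other members of global_data are dereferenced later in this function under the same assumption, they deserve the same guard in this change rather than in a follow-up crash report.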