From de9dac1622906c723daf459f749d5d979e17cec0 Mon Sep 17 00:00:00 2001 From: David Perry Date: Tue, 28 Oct 2025 09:20:32 -0400 Subject: [PATCH] Wireshark: fix null refs found by ASAN The plugin crashes when Wireshark is built with Address Sanitization. The cause seems to be having a non-null `proto_tree` with a null `finfo` in `display_hashes_from_packet_table()`. Adding a null check prevents the exception. --- wireshark/source/packet-ja4.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wireshark/source/packet-ja4.c b/wireshark/source/packet-ja4.c index c3b3343..f83236b 100644 --- a/wireshark/source/packet-ja4.c +++ b/wireshark/source/packet-ja4.c @@ -349,7 +349,7 @@ display_hashes_from_packet_table(proto_tree *tree, tvbuff_t *tvb, int frame_numb proto_tree *sub_tree = NULL; proto_tree *child = tree_location->first_child; - while (child) { + while (child != NULL && child->finfo != NULL) { if (child->finfo->hfinfo && (strcmp(child->finfo->hfinfo->abbrev, "ja4") == 0 || strncmp(child->finfo->hfinfo->abbrev, "ja4.", 4) == 0)) { // Found an existing JA4 subtree @@ -362,8 +362,8 @@ display_hashes_from_packet_table(proto_tree *tree, tvbuff_t *tvb, int frame_numb proto_item *ja4_ti = proto_tree_add_item(tree_location, proto_ja4, tvb, 0, -1, ENC_NA); sub_tree = proto_item_add_subtree(ja4_ti, ett_ja4); } - - if (sub_tree == NULL || sub_tree->finfo->tree_type == -1) { + + if (sub_tree == NULL || sub_tree->finfo == NULL || sub_tree->finfo->tree_type == -1) { return 0; }