Ethereal-dev: [Ethereal-dev] Inadequate bounds checking in packet-socks.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Peter Hawkins" <peter@xxxxxxxxxxxxxxxxx>
Date: Fri, 7 Jun 2002 12:01:20 +1000
Hi...

Small bug:

The following code in packet-socks.c is inadequately bounds checked -
suppose the username does not have a null termination character. This
is probably harmless, since there is almost certainly going to be a
null character somewhere in the heap before long, but it's not too
healthy =)

if ( tvb_offset_exists(tvb, offset)) {
                                /* display user name    */
        proto_tree_add_string( tree, hf_user_name, tvb, offset,
                strlen( tvb_get_ptr(tvb, offset, -1)) + 1,
                tvb_get_ptr(tvb, offset, -1));
}

Ditto two other such usages of strlen(tvb_get_ptr(...)) in the same file.

=)
Peter