Ethereal-dev: Re: [Ethereal-dev] Buffer overflows in packet-wtls.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 15 Jun 2002 16:29:05 -0700

On Fri, Jun 14, 2002 at 06:00:11PM +1000, Peter Hawkins wrote:
> More overflows. These are quite possibly exploitable (they look like
> the best candidates I've seen without actually looking very hard) but I
> just can't be bothered to check any more.

An even better fix is not to extract the string into a buffer in the
first place; if you have a non-null-terminated string with a known
length (either fixed-length or a counted string, the ones in WTLS being
counted strings), you can just use "proto_tree_add_item()".

I've checked that in (along with cleanups of other things I noticed
while looking at the WTLS dissector and the WTLS spec).
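
The approach described in the message above, as an added example that is not part of the original message and is not Ethereal's code: a counted string is recorded as an offset and length into the packet, so no fixed-size buffer exists to overflow. The `field_ref` struct, the `add_counted_string()` helper, the one-octet count and the 64-byte buffer in the comment are assumptions made for illustration; they stand in for a protocol-tree item and are not the `proto_tree_add_item()` API or the actual packet-wtls.c code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pattern being replaced (illustrative, shown as a comment, not compiled):
 *     char buf[64];
 *     len = pkt[off];                  // taken from the packet, up to 255
 *     memcpy(buf, pkt + off + 1, len); // overruns buf when len >= 64
 *     buf[len] = '\0';
 */

/* Hypothetical stand-in for a protocol-tree item: it refers to bytes in the
 * packet by offset and length, so no fixed-size scratch buffer is needed. */
struct field_ref {
    size_t start;   /* offset of the first string byte in the packet */
    size_t length;  /* number of string bytes, taken from the count octet */
};

/* Parse a counted string (1-octet count, then that many bytes) at `off`.
 * Returns the offset just past the string, or -1 if the packet is too short. */
long add_counted_string(const uint8_t *pkt, size_t pkt_len, size_t off,
                        struct field_ref *out)
{
    if (off >= pkt_len)
        return -1;                      /* no room for the count octet */
    size_t len = pkt[off];
    if (len > pkt_len - off - 1)
        return -1;                      /* count claims more than was captured */
    out->start = off + 1;
    out->length = len;
    return (long)(off + 1 + len);
}

int main(void)
{
    /* Constructed sample: count 5 + "hello", then count 200 with 2 bytes left. */
    const uint8_t pkt[] = { 5, 'h', 'e', 'l', 'l', 'o', 200, 'A', 'B' };
    struct field_ref f;
    long next = add_counted_string(pkt, sizeof pkt, 0, &f);
    if (next < 0)
        return 1;
    /* Display with an explicit precision; the bytes are never NUL-terminated. */
    printf("name: %.*s\n", (int)f.length, (const char *)pkt + f.start);
    if (add_counted_string(pkt, sizeof pkt, (size_t)next, &f) < 0)
        printf("second string truncated, not dissected\n");
    return 0;
}
```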