Ethereal-dev: Re: [Ethereal-dev] overflow in ftype-string.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gilbertr@xxxxxxxxx>
Date: Thu, 3 Feb 2005 09:03:56 -0600
Wow. I can't believe we didn't uncover this earlier. Thanks; I have
committed the diff.

--gilbert

On Thu, 3 Feb 2005 14:24:43 +0200, Pekka Pietikainen <pp@xxxxxxxxxx> wrote:
> Hiya.
> 
> I recently noticed (well, recent gcc/glibc pointed it out by
> making tethereal crash when processing a certain packet :-) ) that
> there's a problem in string_to_repr, it does a sprintf(hex,"%02x",val), but
> doesn't reserve the space for the terminating null. The following
> fixes the issue:
> 
> --- ethereal-0.10.9/epan/ftypes/ftype-string.c~ 2005-02-03 13:40:43.000000000 +0200
> +++ ethereal-0.10.9/epan/ftypes/ftype-string.c  2005-02-03 13:40:43.000000000 +0200
> @@ -105,7 +105,7 @@
>  {
>         gchar *p, c;
>         char *bufp;
> -       char hex[2];
> +       char hex[3];
> 
>         if (rtype == FTREPR_DFILTER) {
>                 bufp = buf;
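
Review bot: `char hex[3]` is large enough only while the value formatted with "%02x" stays within 0x00 to 0xff, because the 02 is a minimum field width, not a limit. If the value passed is the `gchar c` declared in the context lines above, then on platforms where plain char is signed a byte of 0x80 or higher is promoted to a negative int and prints as eight hex digits, which overruns three bytes as well. The sprintf call is outside the visible lines, so confirm that it passes `(unsigned char)c` or masks with 0xff, and consider `g_snprintf(hex, sizeof(hex), "%02x", (unsigned char)c)` so the write is bounded by the array size whatever the argument.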