Wireshark · Ethereal-dev: [Ethereal-dev] Re: [Ethereal-cvs] rev 15660: /trunk/plugins/asn1/: packet-asn1.c /trunk/epan/: prefs

Ethereal-dev: [Ethereal-dev] Re: [Ethereal-cvs] rev 15660: /trunk/plugins/asn1/: packet-asn1.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Thu, 01 Sep 2005 21:56:17 +0200

sahlberg@xxxxxxxxxxxx wrote:

User: sahlberg
Date: 2005/09/01 02:05 PM

Log:
convert to g_snprintf()

also make range_convert_range() return an emem allocated string

Directory: /trunk/plugins/asn1/
 Changes    Path             Action
 +0 -3      packet-asn1.c    Modified

Directory: /trunk/epan/
 Changes    Path          Action
 +0 -1      prefs.c       Modified
 +8 -12     range.c       Modified

Directory: /trunk/gtk/
 Changes    Path           Action
 +0 -1      prefs_dlg.c    Modified

Hi Ronnie!

Although I like your effort to make Ethereal safer and with much lessmemory leaks, I have some serious doubts about the following line:


g_snprintf(str, 128-(str-string), "%s%u", prepend_comma?",":"",

The expression "128-(str-string)" is exactly which should be avoided!!!

This way of coding is *very* error intensive, at least when changes aremade to the sources later.

The usage of GString might be problematic in terms of memory leakage,but it is preferable over "hand-crafted" code to manipulate strings. Andmanipulating strings is one of the main reasons for security problems.

Maybe copying the GString code from GLib and replace the g_malloc callsby ep_malloc (well and change the prefix g_string_ to something likeep_string_ or course)?


Regards, ULFL

Follow-Ups:
- Re: [Ethereal-dev] Re: [Ethereal-cvs] rev 15660: /trunk/plugins/asn1/: packet-asn1.c /trunk/epan/: prefs.c range.c /trunk/gtk/: prefs_dlg.c
  - From: Guy Harris

Prev by Date: [Ethereal-dev] Capturing RMI Method Calls.
Next by Date: SV: [Ethereal-dev] Re: cimd dissector
Previous by thread: [Ethereal-dev] Capturing RMI Method Calls.
Next by thread: Re: [Ethereal-dev] Re: [Ethereal-cvs] rev 15660: /trunk/plugins/asn1/: packet-asn1.c /trunk/epan/: prefs.c range.c /trunk/gtk/: prefs_dlg.c
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$