Wireshark-bugs: [Wireshark-bugs] [Bug 2796] New: [PATCH] Ensure that get_dns_name does not cross
Date: Mon, 11 Aug 2008 03:43:45 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2796

           Summary: [PATCH] Ensure that get_dns_name does not cross packet
                    sub boundary
           Product: Wireshark
           Version: 1.0.2
          Platform: PC
        OS/Version: NetBSD
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: roy@xxxxxxxxxxxx
        Depends on: 2781


Created an attachment (id=2150)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2150)
Add max_len to get_dns_name

Build Information:
# wireshark -v
wireshark 1.0.2

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.10, with GLib 2.16.3, with libpcap 0.9.4, with libz
1.2.3, without POSIX capabilities, with libpcre 7.7, with SMI 0.4.5, without
ADNS, without Lua, with GnuTLS 2.2.5, with Gcrypt 1.4.1, with Heimdal Kerberos,
without PortAudio, without AirPcap.

Running on NetBSD 4.99.70, with libpcap version 0.9.4.

Built using gcc 4.1.3 20080202 prerelease (NetBSD nb1 20080202).
--
get_dns_name in packet-dns.c currently decodes a packet from a given offset
until it's terminated or reaches the end of the packet.

This is not good enough for reading DHCP messages as we should only operate
from the offset until a given point (end of the DHCP option). We cannot use
data after this point as it would be invalid.

Implementation note:
The first bounds check just breaks out - treats max len reached the same as end
of packet reached. This is important as some DHCP messages do not terminate the
encoded DNS name.
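
The bounded decode described in the report, as an added example in C; it is not the attached patch and not Wireshark's get_dns_name. The name decode_dns_name, its signature and the sample bytes are constructed for illustration; compression pointers are not followed, and stopping at a label that would cross the bound is an assumption made here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an option payload holding "example.org" with no
 * terminating zero label (12 bytes), followed by 5 bytes that belong to
 * whatever comes next in the packet. */
static const unsigned char sample_pkt[] = {
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'o', 'r', 'g',
    3, 'x', 'y', 'z', 0
};

/* Decode uncompressed DNS labels starting at buf[off], never reading at or
 * past end = min(pkt_len, off + max_len). Reaching `end` without a root
 * label is treated like end of packet: labels decoded so far are kept.
 * Returns bytes consumed; *terminated is 1 only if the root label was seen. */
size_t decode_dns_name(const unsigned char *buf, size_t pkt_len, size_t off,
                       size_t max_len, char *out, size_t out_sz,
                       int *terminated)
{
    size_t end = pkt_len, pos = off, o = 0;
    *terminated = 0;
    if (out_sz == 0)
        return 0;
    out[0] = '\0';
    if (off >= pkt_len)
        return 0;
    if (max_len < pkt_len - off)
        end = off + max_len;            /* clamp to the sub-boundary */
    while (pos < end) {
        size_t len = buf[pos];
        if (len == 0) { *terminated = 1; pos++; break; }
        if ((len & 0xC0) || len > end - pos - 1)
            break;                      /* pointer, or label crosses the bound */
        if (o != 0 && o + 1 < out_sz)
            out[o++] = '.';
        for (size_t i = 0; i < len && o + 1 < out_sz; i++)
            out[o++] = (char)buf[pos + 1 + i];
        pos += 1 + len;
    }
    out[o] = '\0';
    return pos - off;
}

int main(void)
{
    char name[64]; int term;
    size_t n = decode_dns_name(sample_pkt, sizeof sample_pkt, 0, 12, name, sizeof name, &term);
    printf("%s consumed=%zu terminated=%d\n", name, n, term);
}
```

With max_len set to the whole buffer instead of 12, the same call keeps reading and returns "example.org.xyz", which is the over-read across the option boundary that the report describes.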

