Wireshark-bugs: [Wireshark-bugs] [Bug 4300] DTN: Bundle Protocol Control flag length check is in
Date: Mon, 7 Dec 2009 13:26:26 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4300

Gerald Combs <gerald@xxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gerald@xxxxxxxxxxxxx

--- Comment #4 from Gerald Combs <gerald@xxxxxxxxxxxxx> 2009-12-07 13:26:25 PST ---
fuzz-2009-11-30-7287.pcap from bug 4277 adds a bundle control flag field with a
zero length. This triggers a dissector error. Since hf_bundle_control_flags is
an FT_UINT8, I assumed that 1 was the only valid length. Technically, 1, 2, 3,
and 4 are all valid lengths for all of the FT_UINT* types, so we might be able
to get away with changing the check from "sdnv_length != 1" to "sdnv_length < 1
|| sdnv_length > 4".

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.