
Wireshark-bugs: [Wireshark-bugs] [Bug 7845] fuzztest crash in HART/IP - too many TAPS

Date: Wed, 10 Oct 2012 23:09:01 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7845

--- Comment #2 from Jaap Keuter <jaap.keuter@xxxxxxxxx> 2012-10-10 23:09:01 PDT ---
Looking at it, it already has poor design:

  tvb_memcpy(tvb, (guint8 *)&hdr, offset, sizeof(hartip_hdr));
  hdr.transaction_id = g_ntohs(hdr.transaction_id);
  hdr.length = g_ntohs(hdr.length);

From README.developer:

Don't use structures that overlay packet data, or into which you copy
packet data; the C programming language does not guarantee any
particular alignment of fields within a structure, and even the
extensions that try to guarantee that are compiler-specific and not
necessarily supported by all compilers used to build Wireshark.

From this line

    bodylen      = hdr.length - HARTIP_HEADER_LENGTH;

We can safely conclude that the header length must be at least
HARTIP_HEADER_LENGTH (= 8), so we can break the loop if it is less than that.

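As an added example (not code from the bug report or from the Wireshark dissector itself), here is the field-by-field read the README passage recommends, together with the length check the comment proposes, in plain C. The header layout (4 leading bytes, then a 16-bit transaction id, then a 16-bit total length) is an assumption for the example, as are the function names.

```c
#include <stddef.h>
#include <stdint.h>

#define HARTIP_HEADER_LENGTH 8  /* value quoted in the bug report */

/* Assumed layout for this example (not taken from the report): 4 leading
 * bytes, then a big-endian transaction id, then a big-endian total length. */
typedef struct {
    uint16_t transaction_id;
    uint16_t length;    /* total message length, header included */
} hartip_hdr_t;

/* Read a big-endian 16-bit field byte by byte: no struct overlay, no
 * alignment assumptions, no byte-order fixup of a copied struct. */
static uint16_t get_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Returns 1 and fills *hdr if a whole header fits at offset and its length
 * field is sane; returns 0 if the header is truncated, length < 8, or the
 * length runs past the end of the buffer. */
int hartip_parse_header(const uint8_t *buf, size_t buflen, size_t offset,
                        hartip_hdr_t *hdr)
{
    if (offset > buflen || buflen - offset < HARTIP_HEADER_LENGTH)
        return 0;
    hdr->transaction_id = get_be16(buf + offset + 4);
    hdr->length         = get_be16(buf + offset + 6);
    /* The check the comment asks for: without it, hdr.length minus
     * HARTIP_HEADER_LENGTH wraps around on unsigned arithmetic when
     * length < 8, yielding a huge body length. */
    if (hdr->length < HARTIP_HEADER_LENGTH || hdr->length > buflen - offset)
        return 0;
    return 1;
}

/* Walks the messages in buf the way a dissector loop would, stopping at
 * the first malformed header instead of looping on a bogus body length. */
size_t hartip_count_messages(const uint8_t *buf, size_t buflen)
{
    size_t offset = 0, count = 0;
    hartip_hdr_t hdr;
    while (hartip_parse_header(buf, buflen, offset, &hdr)) {
        size_t bodylen = hdr.length - HARTIP_HEADER_LENGTH; /* safe now */
        offset += HARTIP_HEADER_LENGTH + bodylen;
        count++;
    }
    return count;
}
```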