Wireshark-bugs: [Wireshark-bugs] [Bug 10840] Wireshark 1.12.2 Canon BJNP proto handler flaw
Date: Fri, 09 Jan 2015 09:54:07 +0000

changed bug 10840


What Removed Added
CC   pascal.quantin@gmail.com

Comment # 3 on bug 10840 from
(In reply to Ivan from comment #2)
> (In reply to Alexis La Goutte from comment #1)
> > Hi Ivan,
> > 
> > What the possible overflow ? 
> > There is a lot of display using tvb_get_* for get length of payload
> > And if there is a to big value, proto_tree_add_item will be set a exception
> 
> 
> //e.c.:
> //offset = 4;
> //payload_len = 0xffffffff; 
> //(payload_len is fully controlled by the remote side)
> 
> offset += payload_len; //offset = 3;

What Alexis means is that an exception will be triggered by this line:
 proto_tree_add_item (bjnp_tree, hf_payload, tvb, offset, payload_len, ENC_NA);
It will abort the code execution, so we will not reach the line doing the
overflow.

I agree with Alexis: there does not seem to have something to be fixed here.


You are receiving this mail because:
  • You are watching all bug changes.