Wireshark · Wireshark-dev: Re: [Wireshark-dev] [PATCH] ieee80211 integer overflow

Wireshark-dev: Re: [Wireshark-dev] [PATCH] ieee80211 integer overflow

From: Gerald Combs <gerald@xxxxxxxxxxxxx>

Date: Tue, 12 Dec 2006 14:32:33 -0800

Neil Kettle wrote:
> Hi all - the following is caused by an integer overflow in buggy pointer arithmetic
> in the calculation of the length parameter for the g_snprintf call...
> This is likely unexploitable due to a combination of the restrictions of the bytes
> we may write ('0'->'9', 'A'->'F') and stack layout (that is, because the
> function is static and called from only one stack frame, who itself is
> called from only one stack frame, the compiler inlines both functions with a
> larger stack frame)... Thus, if test-packet does not crash wireshark then
> you have been saved by your compiler...

I've checked in a different fix in r20126.  Can you check to see that it
works as expected?

References:
- [Wireshark-dev] [PATCH] ieee80211 integer overflow
  - From: Neil Kettle

Prev by Date: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
Next by Date: [Wireshark-dev] Protocol identification for msnms
Previous by thread: Re: [Wireshark-dev] [PATCH] ieee80211 integer overflow
Next by thread: [Wireshark-dev] [PATCH] New Type : ISIS LSPID
Index(es):
- Date
- Thread