I haven't checked into the code but the usage of the guint8 type should
provide a positive 0-256 number. I'm assuming that you are refering to
the 'int length' variable, as the problem. I will change that to uint
type variable.
I'm currently rewriting the socks dissector to use tcp reassemble
and plan to incorporate the enhancements Yaniv has sent in. I have the
socks V4 stuff done and should have the first cut ready to go next week.
Jeff Foster.
> From: Yaniv Kaul [mailto:ykaul@xxxxxxxxxxxx]
>
> Just from reading the code, it seems there's a potential problem of
> copying a negative sized buffer in display_string(), and specifically, in:
>
> int length = tvb_get_guint8(tvb, offset);
>
> tvb_memcpy(tvb, (guint8 *)temp, offset+1, length);
The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error, please notify the sender by return e-mail, delete this e-mail, and refrain from any disclosure or action based on the information.
