Wireshark · Ethereal-dev: Re: [Ethereal-dev] overflow in ftype-string.c

Ethereal-dev: Re: [Ethereal-dev] overflow in ftype-string.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gilbertr@xxxxxxxxx>

Date: Thu, 3 Feb 2005 09:03:56 -0600

Wow. I can't believe we didn't uncover this earlier. Thanks; I have
committed the diff.

--gilbert

On Thu, 3 Feb 2005 14:24:43 +0200, Pekka Pietikainen <pp@xxxxxxxxxx> wrote:
> Hiya.
> 
> I recently noticed (well, recent gcc/glibc pointed it out by
> making tethereal crash when processing a certain packet :-) ) that
> there's a problem in string_to_repr, it does a sprintf(hex,"%02x",val), but
> doesn't reserve the space for the terminating null. The following
> fixes the issue:
> 
> --- ethereal-0.10.9/epan/ftypes/ftype-string.c~ 2005-02-03 13:40:43.000000000 +0200
> +++ ethereal-0.10.9/epan/ftypes/ftype-string.c  2005-02-03 13:40:43.000000000 +0200
> @@ -105,7 +105,7 @@
>  {
>         gchar *p, c;
>         char *bufp;
> -       char hex[2];
> +       char hex[3];
> 
>         if (rtype == FTREPR_DFILTER) {
>                 bufp = buf;
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
> 
>

References:
- [Ethereal-dev] overflow in ftype-string.c
  - From: Pekka Pietikainen

Prev by Date: [Ethereal-dev] Reassembly & tvb_find_guint8()
Next by Date: Re: [Ethereal-dev] [patch] minor bug fix for stun dissector error attribute
Previous by thread: [Ethereal-dev] overflow in ftype-string.c
Next by thread: [Ethereal-dev] Patch to packet-acse.c
Index(es):
- Date
- Thread