Wireshark · Ethereal-dev: Re: [Ethereal-dev] [Coverity] Possible Format String Vulnerabilites

Ethereal-dev: Re: [Ethereal-dev] [Coverity] Possible Format String Vulnerabilites

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: metatech <metatech@xxxxxxxxxxxxx>

Date: Thu, 17 Mar 2005 07:47:24 +0100

metatech wrote:
> Beware that at line 1595 there is a enumeration of all possible values
> for the StructId,
> so the the StructId is only pulled off the packet and taken into account
> if found in a known list.

I think the problem comes from the use of sStructId (and not StructID)


Basically sStructId and structId have the same content...

Sorry if my explanation was a bit too fast, here is a more detailed one :

- at line 1576, the dissector reads 4 bytes from the packet as a long inthe variable "structId"- at line 1595, the dissector checks whether "structId" is in a knownenumeration.- at line 1609, the dissector reads the same 4 bytes from the packet (theoffset is not incremented), but this time as a string, and stores it in thevariable "sStructId".- at line 1610, the dissector passes the variable "sStructId" as a stringformat.

I agree that a syntactical security checker might not spot the fullreasoning...


CU,

metatech

Prev by Date: [Ethereal-dev] Regarding Display Filters
Next by Date: RE: [Ethereal-dev] GSM MAP: register for range of SSNs
Previous by thread: Re: [Ethereal-dev] [Coverity] Possible Format String Vulnerabilites
Next by thread: [Ethereal-dev] Incorrect decode of OUI 00:00:39
Index(es):
- Date
- Thread