Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites

Ethereal-dev: Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Thu, 17 Mar 2005 01:11:39 -0800

Gilbert Ramirez wrote:

Are you sure you want to use g_assert. I think it would be better for
the dissector to record that packet as having an error by throwing an
exception, rather than having ethereal abort on bad data. Otherwise,
it would be easy for a packet to be created that would crash Ethereal.

Yup. I changed it to cast "length" to a "guint", and removed theg_assert() - but even that shouldn't be necessary, at least as I readthe C89 standard, as per my other mail. (I don't think it should eventhrow an exception, as I don't think a length of 255 is invalid there.)

References:
- [Ethereal-dev] [Coverity] Possible Format String Vulnerabilites
  - From: Bryan Fulton
- [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
  - From: Bryan Fulton
- Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
  - From: ronnie sahlberg
- Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
  - From: Gilbert Ramirez

Prev by Date: Re: [Ethereal-dev] Bug report for ethereal-0.10.10 on Fedora x86_64 version
Next by Date: [Ethereal-dev] Lot's of new MSVC warnings in packet-isakmp.c and packet-jxta.c, please fix!
Previous by thread: Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
Next by thread: Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
Index(es):
- Date
- Thread