Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash

Wireshark-bugs: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash

Date: Fri, 21 Dec 2012 16:10:14 +0000

What	Removed	Added
Status	CONFIRMED	IN_PROGRESS

Comment # 4 on bug 8112 from Martin Kaiser

however, I'm not sure if such a check is the best way of fixing this.

When it gets a negative length, tvb_get_ephemeral_unicode_string() returns a
string which contains only the 0 termination - there's no indication that
something went wrong. Should we return NULL for an invalid length parameter? Or
throw an exception?

The resulting string is then passed to format_text() with the original
(stupidly large) length. format_text() starts processing without any checks and
crashes. Should we check that string is non-NULL and cotains no 0x0 character
within len-1 bytes??

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 8112] New: MS-MMC dissector crash
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash
Next by Date: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash
Previous by thread: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash
Next by thread: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash
Index(es):
- Date
- Thread