Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash

Wireshark-bugs: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash

Date: Fri, 21 Dec 2012 16:50:37 +0000

Comment # 5 on bug 8112 from Evan Huus

(In reply to comment #4)
> however, I'm not sure if such a check is the best way of fixing this.
> 
> When it gets a negative length, tvb_get_ephemeral_unicode_string() returns a
> string which contains only the 0 termination - there's no indication that
> something went wrong. Should we return NULL for an invalid length parameter?
> Or throw an exception?

I suspect an exception is the right thing to do here.

> The resulting string is then passed to format_text() with the original
> (stupidly large) length. format_text() starts processing without any checks
> and crashes. Should we check that string is non-NULL and cotains no 0x0
> character within len-1 bytes??

Yes, this also.

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 8112] New: MS-MMC dissector crash
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash
Next by Date: [Wireshark-bugs] [Bug 8117] New: Buildbot crash output: fuzz-2012-12-21-13174.pcap
Previous by thread: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash
Next by thread: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash
Index(es):
- Date
- Thread