Ethereal-dev: Re: [Ethereal-users] Re: [Ethereal-dev] Cisco IP phone and RFC 1350

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Sun, 24 Dec 2000 12:18:13 -0800

On Sun, Dec 24, 2000 at 11:59:24AM -0800, Guy Harris wrote:
> However, 0.8.14 should be getting an exception from the tvbuff code if
> it tried to do that, so either the tvbuff code isn't doing the right
> checks, or the routines being used are ones not specified as throwing
> exceptions.

The routines being used are ones not specified as throwing exceptions;
it's using "tvb_strnlen()" to find the length of the option name and
value strings, and that just returns -1 if there's no 0 byte found
before the end of the packet; it doesn't throw an exception.

It's also not checking whether "tvb_strnlen()" returns -1.

> The capture file itself would be useful for debugging this; I might be
> able to synthesize a trace with such a packet, by writing a program (or
> throwing a temporary hack into editcap) and running it on a TFTP capture
> I have, but I can't guarantee that this would reproduce the Ethereal bug
> you're seeing.

It didn't reproduce the exact problem - I couldn't get it to see the
junk I put at the end of the packet - but at least it did reveal the
problem.
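
[Added example, not part of the original message and not Ethereal's code: a sketch of walking TFTP option name/value strings with a length routine that returns -1 when no 0 byte is found before the end of the packet, and checking that return value before using it. The names buf_strnlen and count_tftp_options and the sample bytes are assumptions made for illustration.]

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the behaviour described above (not Ethereal's tvb_strnlen):
 * length of the string at buf[offset], or -1 if no 0 byte is found before
 * the end of the buffer. */
static int buf_strnlen(const unsigned char *buf, size_t len, size_t offset)
{
    const unsigned char *nul;

    if (offset >= len)
        return -1;
    nul = memchr(buf + offset, 0, len - offset);
    return nul ? (int)(nul - (buf + offset)) : -1;
}

/* Walk "name\0value\0" option pairs. Returns the number of complete pairs,
 * or -1 if a name or value string runs off the end of the packet. */
int count_tftp_options(const unsigned char *buf, size_t len)
{
    size_t offset = 0;
    int count = 0;

    while (offset < len) {
        int name_len = buf_strnlen(buf, len, offset);
        if (name_len == -1)
            return -1;          /* unterminated option name */
        offset += (size_t)name_len + 1;

        int value_len = buf_strnlen(buf, len, offset);
        if (value_len == -1)
            return -1;          /* unterminated or missing option value */
        offset += (size_t)value_len + 1;
        count++;
    }
    return count;
}

/* Constructed sample data: a terminated pair, and one ending in junk. */
const unsigned char good_opts[] = "blksize\0" "1024";
const unsigned char bad_opts[] = { 'b','l','k','s','i','z','e',0,'1','0','2','4','x','x' };

int main(void)
{
    printf("good: %d\n", count_tftp_options(good_opts, sizeof(good_opts)));
    printf("bad:  %d\n", count_tftp_options(bad_opts, sizeof(bad_opts)));
    return 0;
}
```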