Ethereal-dev: Re: [Ethereal-dev] Bounds check problem in packet-smb-common.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 15 Jun 2002 17:40:41 -0700

On Fri, Jun 14, 2002 at 05:44:01PM +1000, Peter Hawkins wrote:
> Another bounds check problem:
> packet-smb-common.c lines 81-93.
> This buffer overflow is not exploitable, because it's impossible to get a
> valid value into the hf_index (since you can't stick 0s in a string),
> which means the problem will be caught by an assertion in the
> proto_tree_add_string routine.
> 
> I think the correct fix is to implement a multi-byte string length for
> tvbuffs, as suggested in the comment.

I didn't implement a general multi-byte string length routine, but I did
change that particular routine to compute the length first by scanning
the string, and to allocate a buffer for the ASCIIfied string.
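
The approach described in the reply above (scan the string first to get its length, then allocate a buffer of that size for the ASCIIfied copy), as an added C example that is not part of the original message and is not Ethereal's code. The function names, the little-endian 2-byte-per-character input and the '.' substitution for non-printable characters are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper (not Ethereal's code): count the 16-bit characters in a
 * little-endian 2-byte-per-character string that starts at buf and must end
 * inside buf[0..avail). Returns 0 and sets *nchars on success, or -1 if no
 * 16-bit NUL terminator is found before the captured data runs out. */
static int unicode_strlen_bounded(const uint8_t *buf, size_t avail, size_t *nchars)
{
    size_t i;

    /* i + 1 < avail guarantees both bytes of the character are in bounds. */
    for (i = 0; i + 1 < avail; i += 2) {
        if (buf[i] == 0 && buf[i + 1] == 0) {
            *nchars = i / 2;
            return 0;
        }
    }
    return -1; /* unterminated or truncated string */
}

/* Scan first, then allocate exactly nchars + 1 bytes and ASCIIfy into that
 * buffer, so the output size always matches the input instead of a fixed array.
 * Characters outside printable ASCII become '.' (a choice made for this example).
 * The caller frees the result; NULL means malformed input or allocation failure. */
char *unicode_to_ascii_alloc(const uint8_t *buf, size_t avail, size_t *out_len)
{
    size_t nchars, i;
    char *out;

    if (unicode_strlen_bounded(buf, avail, &nchars) != 0)
        return NULL;
    out = malloc(nchars + 1);
    if (out == NULL)
        return NULL;
    for (i = 0; i < nchars; i++) {
        uint16_t c = (uint16_t)(buf[2 * i] | (buf[2 * i + 1] << 8));
        out[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
    }
    out[nchars] = '\0';
    if (out_len != NULL)
        *out_len = nchars;
    return out;
}
```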