Ethereal-dev: [Ethereal-dev] [Coverity] Possible Format String Vulnerabilities

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: metatech <metatech@xxxxxxxxxxxxx>
Date: Wed, 16 Mar 2005 07:58:59 +0100
>Let me know if these look valid, and if so, when a possible patch would
>be made available. We appreciate your feedback as a method to improve
>and expand our security checkers.

>Bug 1:
>/ethereal-0.10.10/epan/dissectors/packet-mq.c:dissect_mq_pdu
>- sStructId pulled off of tvb via tvb_get_string() and passed to
>proto_tree_add_text() as format argument.

Bryan,

Beware that at line 1595 there is an enumeration of all possible values for the StructId, so the StructId is only pulled off the packet and taken into account if found in a known list.

CU,

metatech
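
The flagged pattern and the known-list check discussed in this thread, as an added C example that is not Ethereal's code and not part of the original messages. `add_text` is a hypothetical stand-in for a printf-style call such as proto_tree_add_text(), and the allowlist entries are constructed sample values, not the list in packet-mq.c.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style API such as proto_tree_add_text():
 * the third argument is a format string, the rest are its arguments. */
static int add_text(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Constructed sample allowlist; not the list from packet-mq.c. */
static const char *const known_ids[] = { "TSH ", "MD  ", "OD  " };

/* Exact, whole-string match: a prefix match would accept "TSH %n". */
int is_known_struct_id(const char *id)
{
    for (size_t i = 0; i < sizeof known_ids / sizeof known_ids[0]; i++)
        if (strcmp(id, known_ids[i]) == 0)
            return 1;
    return 0;
}

/* Flagged pattern:  add_text(out, n, id);        id is parsed as a format.
 * Hardened pattern: add_text(out, n, "%s", id);  id is only ever data. */
int label_struct_id(char *out, size_t n, const char *id)
{
    return add_text(out, n, "%s", id);
}

int main(void)
{
    char buf[64];
    const char *samples[] = { "TSH ", "%x%n" };   /* constructed inputs */
    for (size_t i = 0; i < 2; i++) {
        label_struct_id(buf, sizeof buf, samples[i]);
        printf("known=%d label=[%s]\n", is_known_struct_id(samples[i]), buf);
    }
    return 0;
}
```

Using the `"%s"` form keeps the call safe even if the known-list check is later changed or bypassed on another code path.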