Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites

Ethereal-dev: Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Thu, 17 Mar 2005 01:11:39 -0800

Gilbert Ramirez wrote:

Are you sure you want to use g_assert. I think it would be better for
the dissector to record that packet as having an error by throwing an
exception, rather than having ethereal abort on bad data. Otherwise,
it would be easy for a packet to be created that would crash Ethereal.

Yup. I changed it to cast "length" to a "guint", and removed theg_assert() - but even that shouldn't be necessary, at least as I readthe C89 standard, as per my other mail. (I don't think it should eventhrow an exception, as I don't think a length of 255 is invalid there.)

References:
- [Ethereal-dev] [Coverity] Possible Format String Vulnerabilites
  - From: Bryan Fulton
- [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
  - From: Bryan Fulton
- Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
  - From: ronnie sahlberg
- Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
  - From: Gilbert Ramirez

Prev by Date: Re: [Ethereal-dev] Bug report for ethereal-0.10.10 on Fedora x86_64 version
Next by Date: [Ethereal-dev] Lot's of new MSVC warnings in packet-isakmp.c and packet-jxta.c, please fix!
Previous by thread: Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
Next by thread: Re: [Ethereal-dev] Re: [Coverity] Possible Format String Vulnerabilites
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$