Wireshark-bugs: [Wireshark-bugs] [Bug 1796] Crash when capturing SSL data
Date: Sat, 25 Aug 2007 17:59:36 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1796


luis.ontanon@xxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Comment #5 from luis.ontanon@xxxxxxxxx  2007-08-25 17:59 GMT -------
The overflow was in ftype-bytes that calculated a length for the buffer basesd
on the length of the encoded oid and oid_encoded2string() was generating a
string that was definitevely off.


However due to how oid_repr_len() calculated the oid length there still was a
posibility of overflow.

consider the following oid:

77 7f 7f 7f 7f 7f 7f 7f 7f 7f 7f 7f 7f 7f

encoded_length=14
14*3 + 16 = 58 (as oid_repr_len() calculated it)
14*4 + 5 = 61 (the length of the extreme case)

----------------------------------------------------------***
2.39.127.127.127.127.127.127.127.127.127.127.127.127.127.127_
1234567890123456789012345678901234567890123456789012345678901
                 1         2         3         4         5   

This would had overflown the buffer by 3 bytes.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.