Wireshark-bugs: [Wireshark-bugs] [Bug 8600] SMTP dissector: improve AUTH handling (NTLM and elem
Date: Thu, 25 Apr 2013 15:13:42 +0000

changed bug 8600

What Removed Added
Status UNCONFIRMED INCOMPLETE
CC   eapache@gmail.com
Ever confirmed   1

Comment # 7 on bug 8600 from
(In reply to comment #6)
> Hi,
> 
> (In reply to comment #5)
> > Created attachment 10656 [details]
> > Decode PLAIN mechs username and password
> 
> 859  length_user1 = strlen(decrypt);
> 860  if (returncode >= (length_user1 + 1)) {
> 
> This check is still unsafe, please write something like:

Why? epan_base64_decode null-terminates the decoded string. It's off-by-one, I
think, since the length returned by epan_base64_decode includes the
null-terminator it appends, but the form is sound.

(This confusion is probably my fault, since I implied on -dev that
epan_base64_decode didn't null-terminate. I was wrong.)

On an unrelated note, why do you keep calling col_append_sep_fstr with an
empty-string for a separator? Why not just call col_append_fstr?


You are receiving this mail because:
  • You are watching all bug changes.