Wireshark-commits: [Wireshark-commits] rev 29958: /trunk/wiretap/ /trunk/wiretap/: snoop.c
Date: Thu, 17 Sep 2009 02:42:33 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=29958

User: guy
Date: 2009/09/16 07:42 PM

Log:
 Do *NOT* skip the rest of the header by reading into a fixed-size buffer
 on the stack! There is no guarantee that the header length won't cause a
 buffer overflow - there could be a bug in some version of Surveyor
 generating a bad file, there could be a future version of Surveyor that
 has a really big pseudo-header, the file could've been written by
 something other than Surveyor that has a bug in it, there could be a
 file that's corrupted in transit, or there could be a deliberately
 malformed packet trying to cause *Shark to execute arbitrary code.
 
 Also, explicitly check for a too-short header length and fail with
 WTAP_ERR_BAD_RECORD in that case.
 
 Add some comments asking some questions about the header.
 
 (The previous change was for bug 3856:
 
 	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3856
 
 not bug 3865.)

Directory: /trunk/wiretap/
  Changes    Path          Action
  +21 -12    snoop.c       Modified