Wireshark · Ethereal-dev: [Ethereal-dev] Possible problem in packet-gtp [negative length tvb_memcpy()] ?

Ethereal-dev: [Ethereal-dev] Possible problem in packet-gtp [negative length tvb_memcpy()] ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>

Date: Sun, 28 Mar 2004 11:06:21 +0200

In packet-gtp.c, is there a problem in the following routine, if length= 1 ?

decode_gtp_priv_ext(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,proto_tree *tree) {


   guint16        length, ext_id;
   gchar        ext_val[64];
   proto_tree    *ext_tree_priv_ext;
   proto_item    *te;

te = proto_tree_add_text(tree, tvb, offset, 1,val_to_str(GTP_EXT_PRIV_EXT, gtp_val, "Unknown message"));

   ext_tree_priv_ext = proto_item_add_subtree(te, ett_gtp_ext);

   length = tvb_get_ntohs(tvb, offset+1);
   if (length < 1) return 3+length;

   ext_id = tvb_get_ntohs(tvb, offset+3);
   tvb_memcpy(tvb, ext_val, offset+5, length > 65 ? 63 : length-2);

Follow-Ups:
- Re: [Ethereal-dev] Possible problem in packet-gtp [negative length tvb_memcpy()] ?
  - From: Guy Harris

Prev by Date: [Ethereal-dev] PATCH: packet-aim-location.c for request_user_info infotype
Next by Date: [Ethereal-dev] Screenshot of the new GTK 2.4 FileChooser dialog?
Previous by thread: Re: [Ethereal-dev] PATCH: packet-aim-location.c for request_user_info infotype
Next by thread: Re: [Ethereal-dev] Possible problem in packet-gtp [negative length tvb_memcpy()] ?
Index(es):
- Date
- Thread