Wireshark · Ethereal-dev: [Ethereal-dev] Re: ethereal 0.10.8 radius/iapp dissector vuln

Ethereal-dev: [Ethereal-dev] Re: ethereal 0.10.8 radius/iapp dissector vuln

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jonathan Heusser <jonny@xxxxxxxxxxxx>

Date: Wed, 22 Dec 2004 21:06:50 +0100

Guy Harris wrote:

The attached file is an example packet which let ethereal crash,(ab)using the tagged string case.
The current version in SVN doesn't crash, as one of the explicit AVPlength checks I added makes sure you have at least one byte presentfor the tag in a tagged string - although it also doesn't report thatthere's a bad tagged string, so I'll have to see why that is.

Ok, I didn't see you already checked some changes in. I'm only referringto release 0.10.8.

In the current SVN code, the bailing out *is* done by calling"g_assert()", so that Ethereal will crash if a negative length ispassed - as per the above, if that happens, there's a bug somewhereand it has to be fixed there.


good.

--
Key fingerprint = 2A55 EB7C B7EA 6336 7767  4A47 910A 307B 1333 BD6C

References:
- [Ethereal-dev] Re: ethereal 0.10.8 radius/iapp dissector vuln
  - From: Jonathan Heusser
- [Ethereal-dev] Re: ethereal 0.10.8 radius/iapp dissector vuln
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] CIMD dissector
Next by Date: [Ethereal-dev] Hmmm, seem unable to submit to SVN today
Previous by thread: [Ethereal-dev] Re: ethereal 0.10.8 radius/iapp dissector vuln
Next by thread: Re: [Ethereal-dev] Re: ethereal 0.10.8 radius/iapp dissector vuln
Index(es):
- Date
- Thread