Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: possible crashes in packet-asn1.c and packet-ieee80211.c: snprintf return val

Ethereal-dev: Re: [Ethereal-dev] Re: possible crashes in packet-asn1.c and packet-ieee80211.c:

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Thu, 18 Aug 2005 10:22:35 +0200

ronnie sahlberg wrote:

Nice work.

:-)

I think requiring 1.2.3 is fine,   those
such as myself with older versions are very few and can live with suboptimal
stability/broken g_snprintf()

If you rungrep sprintf | sed -e "s/:.*$//" | sort | uniq

in epan and epan/dissectors
you get a lot of hits.

Yes, that's the next step.

Can you update the wiki and add a section that all these files need to
be audited and fixed up?

I've added:

http://wiki.ethereal.com/Development/InsecureCalls

I've also placed a note, that we might use static code analysis toolslike flawfinder to find other similar problems.


Regards, ULFL

Follow-Ups:
- [Ethereal-dev] Re: possible crashes in packet-asn1.c and packet-ieee80211.c: snprintf return value incorrectly used
  - From: ronnie sahlberg

References:
- [Ethereal-dev] possible crashes in packet-asn1.c and packet-ieee80211.c: snprintf return value incorrectly used
  - From: Ulf Lamping
- [Ethereal-dev] Re: possible crashes in packet-asn1.c and packet-ieee80211.c: snprintf return value incorrectly used
  - From: ronnie sahlberg