Wireshark-bugs: [Wireshark-bugs] [Bug 7552] Add support for EDNS0 option from draft-vandergaast-

Date: Thu, 30 Aug 2012 10:52:42 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7552

Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darkjames-ws@xxxxxxxxxxxx

--- Comment #7 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-08-30 10:52:41 PDT ---
Guys,

This looks pretty dangerous: 
  tvb_memcpy(tvb, ip_addr.bytes, cur_offset, (optlen - 4));

optlen is fetched from tvb, and it only needs to be smaller than rropt_len.
When optlen < 4 tvb_memcpy() should throw exception, but with optlen > 16
(sizeof ip_addr) we'll have buffer overflow.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.