https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7552
Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |darkjames-ws@xxxxxxxxxxxx
--- Comment #7 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-08-30 10:52:41 PDT ---
Guys,
This looks pretty dangerous:
tvb_memcpy(tvb, ip_addr.bytes, cur_offset, (optlen - 4));
optlen is fetched from tvb, and it only needs to be smaller than rropt_len.
When optlen < 4 tvb_memcpy() should throw exception, but with optlen > 16
(sizeof ip_addr) we'll have buffer overflow.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.