Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8600] SMTP dissector: improve AUTH handling (NTLM and elementary PLAIN mechani

Wireshark-bugs: [Wireshark-bugs] [Bug 8600] SMTP dissector: improve AUTH handling (NTLM and elem

Date: Wed, 24 Apr 2013 22:34:22 +0000

What	Removed	Added
CC		[email protected]

Comment # 6 on bug 8600 from Jakub Zawadzki

Hi,

(In reply to comment #5)
> Created attachment 10656 [details]
> Decode PLAIN mechs username and password

859  length_user1 = strlen(decrypt);
860  if (returncode >= (length_user1 + 1)) {

This check is still unsafe, please write something like:


const char *decrypt_end = decrypt + returncode;

const char *username_end = memchr(decrypt, '\0', returncode);
if (username_end) {
   const char *password_start = username_end + 1;
   const char *password_end = 
     memchr(password_start, '\0', decrypt_end - password_start);
   ...
}

// please note that I'm not sure if I didn't do off by one error ;>

Cheers,
Kuba.

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 8600] New: SMTP dissector: improve AUTH handling (NTLM and elementary PLAIN mechanism)
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 8609] Redirection of "wireshark.exe -D" to a text file is not working
Next by Date: [Wireshark-bugs] [Bug 8573] New Dissector Patch - PTP/IP
Previous by thread: [Wireshark-bugs] [Bug 8600] SMTP dissector: improve AUTH handling (NTLM and elementary PLAIN mechanism)
Next by thread: [Wireshark-bugs] [Bug 8600] SMTP dissector: improve AUTH handling (NTLM and elementary PLAIN mechanism)
Index(es):
- Date
- Thread