Wireshark-bugs: [Wireshark-bugs] [Bug 9256] Radiotap decode appears broken

Date: Wed, 09 Oct 2013 19:24:29 +0000

Comment # 6 on bug 9256 from
(In reply to comment #5)
> Hi Evan,
> 
> The radiotap-iter* dissector comes from the radiotap stuff:
> http://git.sipsolutions.net/?p=radiotap.git;a=blob;f=radiotap.c;h=00bff1c2970471e41d53a30b42b99b718fc750cd;hb=a83216771fbfa9f6cd838b5ee73b9ab52fb514b1
> 
> Did you have a look to see if there is the same issue in the original code?

The same issue does appear to exist in that code. The while loop on lines
122-136 reads 4 bytes at a time from iterator->_arg. There is an if statement
(lines 132-135) to prevent going past the end of the buffer, but it only checks
that _arg points within the buffer. If _arg points to the very last byte of the
buffer then the check succeeds, but then four bytes are read, three of which
are past the end of the buffer.
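
Added example, not part of the comment above and not taken from the radiotap or Wireshark sources: the bounds check described there (cursor inside the buffer) beside one that requires the whole 4-byte read to fit. The function names, the constructed 9-byte sample, and the assumption that the first presence word sits at offset 4 (after version, pad and a 16-bit length) belong to this example only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_BIT 31u /* bit 31 of a presence word: another presence word follows */

/* Little-endian 32-bit load; the caller must already know 4 bytes are available. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check as described in the comment: is the cursor itself inside the buffer? */
static int cursor_in_buffer(size_t off, size_t len) { return off < len; }

/* Corrected check: does the whole 4-byte read fit? (no overflow in off + 4) */
static int read_fits(size_t off, size_t len) { return len >= 4 && off <= len - 4; }

/* Walk the chained presence words starting at offset 4. Returns their count,
 * or -1 if the chain leaves the buffer. *overread is the number of bytes a
 * 4-byte read would take from beyond the buffer when the selected check lets
 * it through; that read is never performed, so this demo stays in bounds. */
int count_present_words(const uint8_t *buf, size_t len, int weak, size_t *overread)
{
    size_t off = 4;
    int n = 0;
    *overread = 0;
    for (;;) {
        if (!(weak ? cursor_in_buffer(off, len) : read_fits(off, len)))
            return -1;                  /* rejected by the selected check */
        if (!read_fits(off, len)) {     /* weak check passed anyway */
            *overread = off + 4 - len;
            return -1;
        }
        n++;
        if (!(le32(buf + off) & (1u << EXT_BIT)))
            return n;
        off += 4;
    }
}

/* Constructed sample: first presence word has bit 31 set, buffer ends 1 byte later. */
static const uint8_t truncated[] = { 0, 0, 9, 0,  0, 0, 0, 0x80,  0 };
int main(void)
{
    size_t over;
    count_present_words(truncated, sizeof truncated, 1, &over);
    printf("weak check: read would take %zu bytes past the end\n", over);
    return 0;
}
```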

