Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10840] Wireshark 1.12.2 Canon BJNP proto handler flaw

Wireshark-bugs: [Wireshark-bugs] [Bug 10840] Wireshark 1.12.2 Canon BJNP proto handler flaw

Date: Fri, 09 Jan 2015 09:36:57 +0000

Comment # 2 on bug 10840 from Ivan

(In reply to Alexis La Goutte from comment #1)
> Hi Ivan,
> 
> What the possible overflow ? 
> There is a lot of display using tvb_get_* for get length of payload
> And if there is a to big value, proto_tree_add_item will be set a exception


//e.c.:
//offset = 4;
//payload_len = 0xffffffff; 
//(payload_len is fully controlled by the remote side)

offset += payload_len; //offset = 3;

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 10840] New: Wireshark 1.12.2 Canon BJNP proto handler flaw
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10840] Wireshark 1.12.2 Canon BJNP proto handler flaw
Next by Date: [Wireshark-bugs] [Bug 10840] Wireshark 1.12.2 Canon BJNP proto handler flaw
Previous by thread: [Wireshark-bugs] [Bug 10840] Wireshark 1.12.2 Canon BJNP proto handler flaw
Next by thread: [Wireshark-bugs] [Bug 10840] Wireshark 1.12.2 Canon BJNP proto handler flaw
Index(es):
- Date
- Thread