Wireshark-bugs: [Wireshark-bugs] [Bug 10840] Wireshark 1.12.2 Canon BJNP proto handler flaw

Date: Fri, 09 Jan 2015 09:54:07 +0000

changed bug 10840


What Removed Added
CC   [email protected]

Comment # 3 on bug 10840 from
(In reply to Ivan from comment #2)
> (In reply to Alexis La Goutte from comment #1)
> > Hi Ivan,
> > 
> > What is the possible overflow?
> > There is a lot of display code using tvb_get_* to get the length of the payload.
> > And if there is too big a value, proto_tree_add_item will set an exception.
> 
> 
> //e.c.:
> //offset = 4;
> //payload_len = 0xffffffff; 
> //(payload_len is fully controlled by the remote side)
> 
> offset += payload_len; //offset = 3;

What Alexis means is that an exception will be triggered by this line:
 proto_tree_add_item (bjnp_tree, hf_payload, tvb, offset, payload_len, ENC_NA);
It will abort the code execution, so we will not reach the line doing the
overflow.

I agree with Alexis: there does not seem to be anything to fix here.
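
The ordering argument made in this comment, as an added example that is not part of the original message and is not Wireshark's code: a simplified C model in which a bounds-checked access runs before the offset is advanced. The names range_ok, advance_unchecked and consume_payload and the 64-byte packet length are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a bounds-checked field access: succeeds only if
 * [offset, offset + len) lies inside a buffer of buf_len bytes. The check is
 * written with a subtraction so that it cannot wrap itself. */
static int range_ok(uint32_t buf_len, uint32_t offset, uint32_t len)
{
    return offset <= buf_len && len <= buf_len - offset;
}

/* What the bare statement "offset += payload_len" yields with 32-bit
 * unsigned arithmetic when nothing is checked first. */
static uint32_t advance_unchecked(uint32_t offset, uint32_t payload_len)
{
    return offset + payload_len;   /* wraps modulo 2^32 */
}

/* Model of the dissector step: the bounds-checked access comes first and
 * aborts (modelled here as returning -1) before the addition is reached.
 * On success the new offset is stored in *next. */
static int consume_payload(uint32_t buf_len, uint32_t offset,
                           uint32_t payload_len, uint32_t *next)
{
    if (!range_ok(buf_len, offset, payload_len))
        return -1;                 /* models the exception */
    *next = offset + payload_len;  /* cannot wrap: result <= buf_len */
    return 0;
}

int main(void)
{
    uint32_t next = 0;
    int rc;

    /* Constructed values taken from the quoted comment. */
    printf("unchecked: %u\n", (unsigned)advance_unchecked(4, 0xffffffffu));

    rc = consume_payload(64, 4, 0xffffffffu, &next);
    printf("oversized: rc=%d next=%u\n", rc, (unsigned)next);

    rc = consume_payload(64, 4, 16, &next);
    printf("valid:     rc=%d next=%u\n", rc, (unsigned)next);
    return 0;
}
```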

