http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=29958
User: guy
Date: 2009/09/16 07:42 PM
Log:
Do *NOT* skip the rest of the header by reading into a fixed-size buffer
on the stack! There is no guarantee that the header length won't cause a
buffer overflow - there could be a bug in some version of Surveyor
generating a bad file, there could be a future version of Surveyor that
has a really big pseudo-header, the file could've been written by
something other than Surveyor that has a bug in it, there could be a
file that's corrupted in transit, or there could be a deliberately
malformed packet trying to cause *Shark to execute arbitrary code.
Also, explicitly check for a too-short header length and fail with
WTAP_ERR_BAD_RECORD in that case.
Add some comments asking some questions about the header.
(The previous change was for bug 3856:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3856
not bug 3865.)
Directory: /trunk/wiretap/
Changes Path Action
+21 -12 snoop.c Modified