http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=46578
User: morriss
Date: 2012/12/17 06:07 PM
Log:
Copy over:
------------------------------------------------------------------------
r46577 | morriss | 2012-12-17 21:02:28 -0500 (Mon, 17 Dec 2012) | 20 lines
Fix the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
(or at least the complaints from Valgrind; I couldn't reproduce the crash).
What part of:
~~~
* If you're thinking of using tvb_get_ptr, STOP WHAT YOU ARE DOING
* IMMEDIATELY. Go take a break. Consider that tvb_get_ptr hands you
* a raw, unprotected pointer that you can easily use to create a
* security vulnerability or otherwise crash Wireshark. Then consider
* that you can probably find a function elsewhere in this file that
* does exactly what you want in a much more safe and robust manner.
~~~
did someone not read?
Use tvb_get_ephemeral_stringz() instead of adding (apparently not sufficiently
checked!) offsets to the result of tvb_get_ptr() and assuming that the result
is a) in bounds and b) a NULL-terminated string.
Directory: /trunk-1.8/epan/dissectors/
Changes Path Action
+7 -6 packet-dtn.c Modified