http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=46581
User: morriss
Date: 2012/12/17 06:28 PM
Log:
Copy over with manual intervention:
------------------------------------------------------------------------
r46579 | morriss | 2012-12-17 21:20:38 -0500 (Mon, 17 Dec 2012) | 3 lines
Get rid of another tvb_get_ptr() abuse (just like r46577 but in a different
function).
------------------------------------------------------------------------
r46577 | morriss | 2012-12-17 21:02:28 -0500 (Mon, 17 Dec 2012) | 20 lines
Fix the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
(or at least the complaints from Valgrind; I couldn't reproduce the crash).
What part of:
~~~
* If you're thinking of using tvb_get_ptr, STOP WHAT YOU ARE DOING
* IMMEDIATELY. Go take a break. Consider that tvb_get_ptr hands you
* a raw, unprotected pointer that you can easily use to create a
* security vulnerability or otherwise crash Wireshark. Then consider
* that you can probably find a function elsewhere in this file that
* does exactly what you want in a much more safe and robust manner.
~~~
did someone not read?
Use tvb_get_ephemeral_stringz() instead of adding (apparently not sufficiently
checked!) offsets to the result of tvb_get_ptr() and assuming that the result
is a) in bounds and b) a NULL-terminated string.
Directory: /trunk-1.6/epan/dissectors/
Changes Path Action
+8 -8 packet-dtn.c Modified
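
Added example (not part of the commit and not Wireshark code): a self-contained C model of the two patterns the log message contrasts, a raw pointer plus a packet-supplied offset treated as a C string versus a lookup that verifies both the offset and the terminator. The names pktbuf, raw_string_at, stringz_at and checked_len are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a captured-packet buffer (not Wireshark's tvbuff). */
typedef struct { const uint8_t *data; size_t len; } pktbuf;

/* Unsafe pattern, modelled: raw pointer + untrusted offset, used as a C string.
 * Nothing checks that offset is in bounds or that a terminator follows. */
const char *raw_string_at(const pktbuf *b, size_t offset)
{
    return (const char *)b->data + offset;
}

/* Checked pattern: succeeds (0) only if offset lies inside the buffer AND a
 * terminating zero byte exists before the end; -1 means "malformed packet". */
int stringz_at(const pktbuf *b, size_t offset,
               const char **out, size_t *out_len)
{
    const uint8_t *start, *nul;
    if (offset >= b->len)
        return -1;                      /* offset points past the capture */
    start = b->data + offset;
    nul = memchr(start, 0, b->len - offset);
    if (nul == NULL)
        return -1;                      /* unterminated: strlen would over-read */
    *out = (const char *)start;
    *out_len = (size_t)(nul - start);
    return 0;
}

/* Constructed sample: "dtn", a zero byte, then "abc" with no terminator. */
static const uint8_t sample_bytes[] = { 'd', 't', 'n', '\0', 'a', 'b', 'c' };
static const pktbuf sample = { sample_bytes, sizeof sample_bytes };

/* Length of the string at offset in the sample, or -1 if reading is unsafe. */
long checked_len(size_t offset)
{
    const char *s; size_t n;
    return stringz_at(&sample, offset, &s, &n) == 0 ? (long)n : -1;
}

int main(void)
{
    printf("%ld %ld %ld\n", checked_len(0), checked_len(4), checked_len(7));
    return 0;
}
```

Offsets 4 and 7 are the cases the raw-pointer version would read past the buffer on: an unterminated tail and an offset equal to the captured length.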