Hi folks,
Last night I checked in a patch to emem.[ch] and packet.c to enable
intense checking of EP canaries.
Diverselly to the current checks done only once EP memory is being
yield. With this one compiled in, if the env var
WIRESHARK_DEBUG_EP_CANARY exists, it performs the canary check in
several places in packet.c (before and after calling dissectors),
which allows to better pinpoint the corrupter and probably still have
it on the stack when it aborts.
Other than that the EP_CHECK_CANARY() macro allows to easily add further checks.
If compiled in and WIRESHARK_DEBUG_EP_CANARY is not in the env, the
funtion doing the check will return immediately, not checking the
canaries, thus not impating performance that much.
My Question is:
Should this "feature" be compiled by default if canaries are used?
Or just left there for the developer to use when deemed necessary.
BR
\Lego
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan