author | Guy Harris <guy@alum.mit.edu> | 2005-03-11 02:01:17 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2005-03-11 02:01:17 +0000 |
commit | 6285418a43543e3c2d2047c3bece47720e735156 (patch) | |
tree | 6b0474728f4a7a7584f81e548c20b19c3d33d1cf /doc | |
parent | 6db3fe1e96658fd3fab37cfd83437c9997f5733f (diff) |
Add one more reason to use "tvb_get_string()", as we've had a recent
vulnerability due to somebody fetching a string into a fixed-length
buffer.
svn path=/trunk/; revision=13708
Diffstat (limited to 'doc')
-rw-r--r-- | doc/README.developer | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/README.developer b/doc/README.developer index dfea3e1ece..cdcb7f4ddd 100644 --- a/doc/README.developer +++ b/doc/README.developer @@ -356,6 +356,17 @@ Otherwise, you can check whether the data is present by using the pointer from "tvb_get_ptr()" (see the item on this in the Portability section above, and the next item below). +Note also that you should only fetch string data into a fixed-length +buffer if the code ensures that no more bytes than will fit into the +buffer are fetched ("the protocol ensures" isn't good enough, as +protocol specifications can't ensure only packets that conform to the +specification will be transmitted or that only packets for the protocol +in question will be interpreted as packets for that protocol by +Ethereal). If there's no maximum length of string data to be fetched, +routines such as "tvb_get_string()" are safer, as they allocate a buffer +large enough to hold the string. (Note that you should free the string +once you're finished with it.) + If you have gotten a pointer using "tvb_get_ptr()", you must make sure that you do not refer to any data past the length passed as the last argument to "tvb_get_ptr()"; while the various "tvb_get" routines |
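Review bot: The sentence beginning "If there's no maximum length of string data to be fetched" makes the recommendation conditional on the protocol having no maximum, which undercuts the earlier parenthetical saying "the protocol ensures" isn't good enough. Consider phrasing the condition in terms of the code, for example "Unless the code itself limits the number of bytes fetched to the size of the buffer, routines such as "tvb_get_string()" are safer". Two smaller points in the same paragraph: "no more bytes than will fit into the buffer" should say whether the count has to leave room for a terminating NUL, since that is where an off-by-one would creep in. Also, the closing "(Note that you should free the string once you're finished with it.)" does not name the routine to free it with, so a reader cannot act on it without looking elsewhere.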