Fix problems found by Beyond Security:

Instead of overflowing an unsigned int when determining the number of items in a range, use a signed int and check for a negative value. Make sure our offset increments as we step through each item. This should avoid large/inifinite loops. Fix the size of hf_dnp3_al_range_stop32. svn path=/trunk/; revision=22811
author: Gerald Combs <gerald@wireshark.org> 2007-09-06 18:26:04 +0000
committer: Gerald Combs <gerald@wireshark.org> 2007-09-06 18:26:04 +0000
commit: 3120e42f6ee1ef0fa4a559da97db6d73a7f82459 (patch)
tree: cda1f0bd4293a9dff1993385f5be40c79956528a /docbook/release-notes.xml
parent: e6f1cf9384bbfff9bbbe624c2e50fb1c15d9f7f2 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml
index 5245a29c00..a553ee9044 100644
--- a/docbook/release-notes.xml
+++ b/docbook/release-notes.xml
@@ -47,6 +47,18 @@ Wireshark Info
           </para>
         </listitem>
 
+        <listitem>
+          <para>
+	    Beyond Security discovered that Wireshark could loop
+	    excessively while reading a malformed DNP packet.
+            <!-- Fixed in r22811 -->
+          </para>
+          <para>Versions affected: 0.10.12 to 0.99.6</para>
+          <para>
+            <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+          </para>
+        </listitem>
+
       </itemizedlist>
 
     </para>
author	Gerald Combs <gerald@wireshark.org>	2007-09-06 18:26:04 +0000
committer	Gerald Combs <gerald@wireshark.org>	2007-09-06 18:26:04 +0000
commit	3120e42f6ee1ef0fa4a559da97db6d73a7f82459 (patch)
tree	cda1f0bd4293a9dff1993385f5be40c79956528a /docbook/release-notes.xml
parent	e6f1cf9384bbfff9bbbe624c2e50fb1c15d9f7f2 (diff)