diff options
author | Gerald Combs <gerald@wireshark.org> | 2000-11-19 16:58:57 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2000-11-19 16:58:57 +0000 |
commit | 2c456a433a556d464f0f08825d7454c6326c6b89 (patch) | |
tree | 86144bdb20467d758a6ed148f7293f9ca50ebfce /packet-imap.c | |
parent | 252d55d80f92fa8267758fbf4faab520d2f79273 (diff) |
Fix buffer overruns:
- packet-afs.c: dissect_acl() didn't restrict the size of a string read
with sscanf(). An exploit has been released.
- packet-nbns.c: When passed an illegal name, get_nbns_name() would
overrun nbname with an error message. This isn't exploitable AFAIK,
but it could result in a crash.
- packet-ntp.c: dissect_ntp() wasn't checking the length of the
reference clock's host name. This is most likely exploitable.
This fix simply lops off the end of the host name if it's too long.
We should probably add an ellipsis (...) as we have done in other
places in the code.
svn path=/trunk/; revision=2671
Diffstat (limited to 'packet-imap.c')
0 files changed, 0 insertions, 0 deletions