path: root/packet-nbns.c
diff options
authorGerald Combs <gerald@wireshark.org>2000-11-19 16:58:57 +0000
committerGerald Combs <gerald@wireshark.org>2000-11-19 16:58:57 +0000
commit2c456a433a556d464f0f08825d7454c6326c6b89 (patch)
tree86144bdb20467d758a6ed148f7293f9ca50ebfce /packet-nbns.c
parent252d55d80f92fa8267758fbf4faab520d2f79273 (diff)
Fix buffer overruns:
- packet-afs.c: dissect_acl() didn't restrict the size of a string read with sscanf(). An exploit has been released. - packet-nbns.c: When passed an illegal name, get_nbns_name() would overrun nbname with an error message. This isn't exploitable AFAIK, but it could result in a crash. - packet-ntp.c: dissect_ntp() wasn't checking the length of the reference clock's host name. This is most likely exploitable. This fix simply lops off the end of the host name if it's too long. We should probably add an ellipsis (...) as we have done in other places in the code. svn path=/trunk/; revision=2671
Diffstat (limited to 'packet-nbns.c')
1 files changed, 4 insertions, 2 deletions
diff --git a/packet-nbns.c b/packet-nbns.c
index 30c3f414bf..2bd7aa04bb 100644
--- a/packet-nbns.c
+++ b/packet-nbns.c
@@ -4,7 +4,7 @@
* Gilbert Ramirez <gram@xiexie.org>
* Much stuff added by Guy Harris <guy@alum.mit.edu>
- * $Id: packet-nbns.c,v 1.47 2000/11/19 08:54:00 guy Exp $
+ * $Id: packet-nbns.c,v 1.48 2000/11/19 16:58:57 gerald Exp $
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -194,13 +194,15 @@ nbns_type_name (int type)
return "unknown";
+#define NBNAME_BUF_LEN 128
static int
get_nbns_name(const u_char *pd, int offset, int nbns_data_offset,
char *name_ret, int *name_type_ret)
int name_len;
char name[MAXDNAME];
- char nbname[NETBIOS_NAME_LEN];
+ char nbname[NBNAME_BUF_LEN];
char *pname, *pnbname, cname, cnbname;
int name_type;