On Fri, Jun 14, 2002 at 06:00:11PM +1000, Peter Hawkins wrote:
> More overflows. These are quite possibly exploitable (they look like
> the best candidates I've seen without actually looking very hard) but I
> just can't be bothered to check any more.

An even better fix is not to extract the string into a buffer in the first place; if you have a non-null-terminated string with a known length (either fixed-length or a counted string, the ones in WTLS being counted strings), you can just use "proto_tree_add_item()". I've checked that in (along with cleanups of other things I noticed while looking at the WTLS dissector and the WTLS spec).
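
An added example, not Ethereal's code or part of the original message: a stand-alone C model of the approach described above, where a counted string is checked against the captured length and then referenced in place rather than copied into a fixed buffer. The 1-byte length prefix, the `counted_str` type, `counted_str_view()` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view type: points into the packet, owns no storage. */
struct counted_str {
    const uint8_t *data;
    size_t len;
};

/*
 * Read a counted string (assumed 1-byte length prefix, then that many
 * bytes, no terminator) at `offset` in a packet of `pkt_len` captured bytes.
 * Returns 0 and fills `out` on success, -1 if the length byte or the
 * string body would run past the captured data.
 */
int counted_str_view(const uint8_t *pkt, size_t pkt_len, size_t offset,
                     struct counted_str *out)
{
    if (offset >= pkt_len)
        return -1;                      /* no room for the length byte */
    size_t len = pkt[offset];
    if (len > pkt_len - offset - 1)
        return -1;                      /* claimed length exceeds the data */
    out->data = pkt + offset + 1;       /* reference in place, no copy */
    out->len = len;
    return 0;
}

/* Constructed sample: 2 header bytes, then the counted string "wtls-id". */
static const uint8_t sample_ok[] = { 0x01, 0x02, 7, 'w', 't', 'l', 's', '-', 'i', 'd' };
/* Constructed sample: length byte claims 200 bytes, only 3 follow. */
static const uint8_t sample_bad[] = { 0x01, 0x02, 200, 'a', 'b', 'c' };

int main(void)
{
    struct counted_str s;
    if (counted_str_view(sample_ok, sizeof sample_ok, 2, &s) == 0)
        printf("%.*s\n", (int)s.len, (const char *)s.data); /* precision bounds the read */
    if (counted_str_view(sample_bad, sizeof sample_bad, 2, &s) != 0)
        puts("rejected: length exceeds captured data");
    return 0;
}
```

Because nothing is copied, there is no destination buffer whose size the on-the-wire length could exceed; the only check left is against the amount of captured data.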
