On Fri, Jun 14, 2002 at 05:44:01PM +1000, Peter Hawkins wrote:
> Another bounds check problem:
> packet-smb-common.c lines 81-93.
> This buffer overflow is not exploitable, because it's impossible to get a
> valid value into the hf_index (since you can't stick 0s in a string),
> which means the problem will be caught by an assertion in the
> proto_tree_add_string routine.
>
> I think the correct fix is to implement a multi-byte string length for
> tvbuffs, as suggested in the comment.
I didn't implement a general multi-byte string length routine, but I did change that particular routine to compute the length first by scanning the string, and to allocate a buffer for the ASCIIfied string.
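The measure-first-then-allocate approach described in the reply, as an added example that is not Ethereal's own packet-smb-common.c code; the function name, the UTF-16LE input encoding and the sample packet bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Ethereal's code: convert a UTF-16LE string held in a
 * bounded packet buffer to ASCII. The string is scanned for its length first,
 * never reading past buflen, and only then is a buffer of exactly the right
 * size allocated, so there is no fixed-size output buffer to overflow.
 * Returns a malloc'd NUL-terminated string (caller frees), or NULL if no
 * 16-bit NUL terminator is found before the end of the buffer. */
char *unicode_to_ascii_bounded(const uint8_t *buf, size_t buflen, size_t offset,
                               size_t *bytes_consumed)
{
    size_t pos = offset, nchars = 0;
    int terminated = 0;
    /* Pass 1: measure. pos + 2 <= buflen guarantees both bytes are in bounds. */
    while (pos + 2 <= buflen) {
        uint16_t ch = (uint16_t)(buf[pos] | (buf[pos + 1] << 8));
        pos += 2;
        if (ch == 0) { terminated = 1; break; }
        nchars++;
    }
    if (!terminated)
        return NULL;              /* malformed packet: do not guess a length */
    char *out = malloc(nchars + 1);
    if (out == NULL)
        return NULL;
    /* Pass 2: copy exactly the nchars code units measured above. */
    for (size_t i = 0; i < nchars; i++) {
        uint16_t ch = (uint16_t)(buf[offset + 2 * i] | (buf[offset + 2 * i + 1] << 8));
        out[i] = (ch < 0x80) ? (char)ch : '?';  /* non-ASCII code units become '?' */
    }
    out[nchars] = '\0';
    if (bytes_consumed)
        *bytes_consumed = pos - offset;
    return out;
}

/* Constructed sample input: "WORK" in UTF-16LE plus its terminator and one
 * trailing byte, and a second string cut off by the buffer end before its
 * terminator. Returns 1 when both cases behave as intended. */
int check_example(void)
{
    const uint8_t pkt[] = { 'W',0, 'O',0, 'R',0, 'K',0, 0,0, 'x' };
    const uint8_t cut[] = { 'A',0, 'B',0, 'C' };
    size_t used = 0;
    char *s = unicode_to_ascii_bounded(pkt, sizeof pkt, 0, &used);
    int ok = (s != NULL) && strcmp(s, "WORK") == 0 && used == 10;
    free(s);
    return ok && unicode_to_ascii_bounded(cut, sizeof cut, 0, NULL) == NULL;
}
```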
