https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16212
--- Comment #4 from Peter Wu <pe...@lekensteyn.nl> ---
(In reply to Chuck Craft from comment #3)
> hfinfo_number_value_format_display()
> case BASE_OUI:
> /* Found an address string. */
> g_snprintf(buf, 32, "%02x:%02x:%02x (%s)", p_oui[0], p_oui[1],
> p_oui[2], manuf_name);
>
> Should the calls to g_snprintf() use MAXNAMELEN or does that break something
> else in the packet details display?
That will definitely break things, the caller chain seems to assume space for
no more than 32 characters. If you are confident enough tracking all users down
and fixing the limitation, be my guest :-)
Just make it very convincing that no buffer-overflow vulnerability is
introduced.
--
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
