Fix a couple of off-by-one overflows reported in bug 1415. Update the

release notes accordingly. svn path=/trunk/; revision=20990
2007-03-07 01:17:24 +00:00 · 2007-03-07 01:17:24 +00:00 · b7d30175c0
parent 773cd3dee8
commit b7d30175c0
2 changed files with 20 additions and 1 deletions
--- a/docbook/release-notes.xml
+++ b/docbook/release-notes.xml
@ -33,6 +33,23 @@ Wireshark Info
      The following vulnerabilities have been fixed.  See the
      <ulink url="http://www.wireshark.org/security/wnpa-sec-2007-02.html">security advisory</ulink> for details and a workaround.

+      <itemizedlist>
+
+        <listitem>
+          <para>
+            On some systems, Wireshark could crash while reading
+            iSeries capture files.
+            <!-- Fixed in r20990 -->
+            (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1415">1415</ulink>)
+          </para>
+          <para>Versions affected: 0.10.14 to 0.99.5</para>
+          <para>
+            <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+          </para>
+        </listitem>
+
+      </itemizedlist>
+
    </para>

    <para>
@ -46,6 +63,8 @@ Wireshark Info
          disappear or become unusable.
        </para></listitem>

+
+
      </itemizedlist>
    </para>

--- a/wiretap/iseries.c
+++ b/wiretap/iseries.c
@ -254,7 +254,7 @@ iseries_check_file_type (wtap * wth, int *err, int format)
 {
  guint line;
  int num_items_scanned;
-  char buf[ISERIES_LINE_LENGTH], protocol[8], tcpformat[1];
+  char buf[ISERIES_LINE_LENGTH], protocol[9], tcpformat[2];
  guint8 *sdate;

  /* Save trace format for passing between packets */