diff options
author | Gerald Combs <gerald@wireshark.org> | 2007-03-09 01:40:30 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2007-03-09 01:40:30 +0000 |
commit | 0e181d05c805e80e617212b37b54185753f5bab5 (patch) | |
tree | 5dccbe12a8bb5bf4a89bcab0cb223b864ef99e33 /docbook | |
parent | 3810cc0891695e2ed7dd685b0c994af5024accf8 (diff) | |
download | wireshark-0e181d05c805e80e617212b37b54185753f5bab5.tar.gz |
Fix for bug 1264 from Julian Cable:
I've refactored the offending code branch and added some comments so
hopefully the intent is a bit clearer. The loop termination conditions
are now obviously independent of the content on the wire (they were
meant to be before, but I admit it was obscure). I've tried using the
ephemeral memory routines.
Add a check for a maximum fragment count, and bail out of reassembly instead
of triggering an ep_alloc exception. Add Julian to AUTHORS. Update the
release notes.
svn path=/trunk/; revision=21007
Diffstat (limited to 'docbook')
-rw-r--r-- | docbook/release-notes.xml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml index 6fcf3fbb5d..0c3f4a5230 100644 --- a/docbook/release-notes.xml +++ b/docbook/release-notes.xml @@ -48,6 +48,19 @@ Wireshark Info </para> </listitem> + <listitem> + <para> + Wireshark could exhaust system memory while reading a malformed + DCP ETSI packet. + <!-- Fixed in r21007 --> + (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1264">1264</ulink>) + </para> + <para>Versions affected: 0.99.5</para> + <para> + <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> --> + </para> + </listitem> + </itemizedlist> </para> |