Description of problem: I just tried to compile package ethereal-0.10.8-1 from Redhat Fedora development tree. The compiler said packet-t38.c(236): warning #175: subscript out of range The source code is p_conv_data->method[MAX_T38_SETUP_METHOD_SIZE] = '\0'; Suggest p_conv_data->method[MAX_T38_SETUP_METHOD_SIZE - 1] = '\0'; might be better code. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Thanks. The proposed change has been checked in, and will be in the next Ethereal release. After looking through the code, it appears that this is not a security risk. The only time t38_add_address() is called, "SDP" is passed to the setup_method argument, which means that "p_conv_data->method" is properly terminated. The errant NULL byte is immediately overwritten in line 237: p_conv_data->frame_number = setup_frame_number;