
Double headers, Buffer overflow vulnerability

Open Flamefire opened this issue 13 years ago • 4 comments

I got some warnings on double header entries and investigated this. I found that sometimes 2 HTTP packets are sent in 1 "packet" captured. The parser ignores this and goes on parsing. This leads to incomplete packages and crap afterwards, breaking the whole capturing session. Related to this, I found that Firesheep is ignoring the captured packet size. So it may occur that it reads past the end of the captured packet since it is not fully received yet (e.g. too small buffer). This may not cause serious problems but also breaks Firesheep from that point. It's not that hard to fix, and would be good to see it done (I'll do it anyway). It

Flamefire avatar Feb 12 '11 11:02 Flamefire

Do you have a patch? Otherwise I'll get on this..

codebutler avatar Feb 12 '11 18:02 codebutler

Yes. I've just finished it. First (for compiling under Windows... should not have any side effects for other OSes, but the other patch is based on this) http://www.sendspace.com/file/obhiae

Second (the real patch for this) http://www.sendspace.com/file/rot0kv

I skip the whole packet if it's not complete. Otherwise it will create a partial packet, which will mess up the parser since the rest of the packet will never come...

Flamefire avatar Feb 12 '11 18:02 Flamefire
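The handling Flamefire describes above (skip a capture that is shorter than what was on the wire, and keep parsing after each complete request when several share one captured segment), as an added C++ example that is not Firesheep's code and not either of the linked patches; `Capture`, `parseRequests` and the sample bytes are constructed here, and it assumes header-only requests with no body:

```cpp
// Added example (not Firesheep's code): bounds-checked parsing of one captured
// TCP payload that may hold several HTTP requests or be cut short by the capture.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

struct Capture {
    const char* data;   // bytes actually present in the buffer
    size_t caplen;      // how many of them were captured
    size_t wirelen;     // how many were on the wire
};

// Returns the request line of every complete header block in the payload.
// A capture shorter than its wire length is skipped as a whole: the missing
// bytes will never arrive, so parsing it would only yield a partial packet.
std::vector<std::string> parseRequests(const Capture& cap) {
    std::vector<std::string> lines;
    if (cap.caplen < cap.wirelen) return lines;      // truncated: skip the packet
    const std::string buf(cap.data, cap.caplen);     // never read past caplen
    size_t pos = 0;
    while (pos < buf.size()) {
        size_t end = buf.find("\r\n\r\n", pos);
        if (end == std::string::npos) break;         // incomplete block: stop, do not guess
        size_t eol = buf.find("\r\n", pos);          // first line of this block
        if (eol < end) lines.push_back(buf.substr(pos, eol - pos));
        pos = end + 4;                               // next request in the same capture
    }
    return lines;
}

// Constructed sample: two GET requests back-to-back in one captured segment.
const char kTwoRequests[] =
    "GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n"
    "GET /b HTTP/1.1\r\nHost: example.test\r\n\r\n";

int main() {
    Capture full{kTwoRequests, sizeof(kTwoRequests) - 1, sizeof(kTwoRequests) - 1};
    for (const std::string& l : parseRequests(full)) std::printf("%s\n", l.c_str());
    Capture cut{kTwoRequests, 10, sizeof(kTwoRequests) - 1};   // snaplen too small
    std::printf("truncated -> %zu requests\n", parseRequests(cut).size());
    return 0;
}
```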

Could you please fork the project, commit & push your changes, and send a pull request?

codebutler avatar Feb 12 '11 20:02 codebutler

I'll try tomorrow. But I'm not used to Git...

Flamefire avatar Feb 12 '11 20:02 Flamefire