Hi folks, Last night I checked in a patch to emem.[ch] and packet.c to enable intense checking of EP canaries.
Diverselly to the current checks done only once EP memory is being yield. With this one compiled in, if the env var WIRESHARK_DEBUG_EP_CANARY exists, it performs the canary check in several places in packet.c (before and after calling dissectors), which allows to better pinpoint the corrupter and probably still have it on the stack when it aborts. Other than that the EP_CHECK_CANARY() macro allows to easily add further checks. If compiled in and WIRESHARK_DEBUG_EP_CANARY is not in the env, the funtion doing the check will return immediately, not checking the canaries, thus not impating performance that much. My Question is: Should this "feature" be compiled by default if canaries are used? Or just left there for the developer to use when deemed necessary. BR \Lego -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan _______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev
