forked from osmocom/wireshark
epan: Guard g_base64_decode_inplace() against zero length string
The g_base64_decode_inplace() does not handle zero length string so add a guard for this before calling. Bug: 15113 Change-Id: I89fa17dd62af238f4282835c317e5c8be6e0c8a1 Reviewed-on: https://code.wireshark.org/review/29428 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This commit is contained in:
parent
c15ada34b1
commit
0b80a42187
|
@ -3322,8 +3322,10 @@ check_auth_basic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value)
|
|||
hdr_tree = NULL;
|
||||
value += hdrlen;
|
||||
|
||||
g_base64_decode_inplace(value, &len);
|
||||
value[len] = 0;
|
||||
if (strlen(value) > 1) {
|
||||
g_base64_decode_inplace(value, &len);
|
||||
value[len] = 0;
|
||||
}
|
||||
proto_tree_add_string(hdr_tree, hf_http_basic, tvb,
|
||||
0, 0, value);
|
||||
|
||||
|
@ -3374,8 +3376,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
|
|||
if ( ch_ptr != NULL ) {
|
||||
data_len = (int)(ch_ptr - value + 1);
|
||||
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
||||
g_base64_decode_inplace(data_val, &len);
|
||||
data_val[len] = 0;
|
||||
if (data_len > 1) {
|
||||
g_base64_decode_inplace(data_val, &len);
|
||||
data_val[len] = 0;
|
||||
}
|
||||
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_user, tvb,
|
||||
offset , data_len - 1, data_val);
|
||||
PROTO_ITEM_SET_GENERATED(pi);
|
||||
|
@ -3390,8 +3394,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
|
|||
if ( ch_ptr != NULL ) {
|
||||
data_len = (int)(ch_ptr - value + 1);
|
||||
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
||||
g_base64_decode_inplace(data_val, &len);
|
||||
data_val[len] = 0;
|
||||
if (data_len > 1) {
|
||||
g_base64_decode_inplace(data_val, &len);
|
||||
data_val[len] = 0;
|
||||
}
|
||||
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_domain, tvb,
|
||||
offset, data_len - 1, data_val);
|
||||
PROTO_ITEM_SET_GENERATED(pi);
|
||||
|
@ -3406,8 +3412,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
|
|||
if ( ch_ptr != NULL ) {
|
||||
data_len = (int)(ch_ptr - value + 1);
|
||||
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
||||
g_base64_decode_inplace(data_val, &len);
|
||||
data_val[len] = 0;
|
||||
if (data_len > 1) {
|
||||
g_base64_decode_inplace(data_val, &len);
|
||||
data_val[len] = 0;
|
||||
}
|
||||
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_passwd, tvb,
|
||||
offset, data_len - 1, data_val);
|
||||
PROTO_ITEM_SET_GENERATED(pi);
|
||||
|
@ -3422,8 +3430,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
|
|||
if ( ch_ptr != NULL ) {
|
||||
data_len = (int)(ch_ptr - value + 1);
|
||||
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
||||
g_base64_decode_inplace(data_val, &len);
|
||||
data_val[len] = 0;
|
||||
if (data_len > 1) {
|
||||
g_base64_decode_inplace(data_val, &len);
|
||||
data_val[len] = 0;
|
||||
}
|
||||
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_session, tvb,
|
||||
offset, data_len - 1, data_val);
|
||||
PROTO_ITEM_SET_GENERATED(pi);
|
||||
|
|
|
@ -309,12 +309,14 @@ decode_plain_auth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
gint length_pass;
|
||||
guint8 *decrypt = NULL;
|
||||
proto_item *ti;
|
||||
gsize len;
|
||||
gsize len = 0;
|
||||
|
||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, a_offset, a_linelen, ENC_ASCII);
|
||||
if (smtp_auth_parameter_decoding_enabled) {
|
||||
g_base64_decode_inplace(decrypt, &len);
|
||||
decrypt[len] = 0;
|
||||
if (strlen(decrypt) > 1) {
|
||||
g_base64_decode_inplace(decrypt, &len);
|
||||
decrypt[len] = 0;
|
||||
}
|
||||
returncode = (gint)len;
|
||||
if (returncode) {
|
||||
length_user1 = (gint)strlen(decrypt);
|
||||
|
@ -557,6 +559,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
|||
((session_state->last_auth_frame == 0) || (pinfo->num <= session_state->last_auth_frame))) {
|
||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||
if ((smtp_auth_parameter_decoding_enabled) &&
|
||||
(strlen(decrypt) > 1) &&
|
||||
(g_base64_decode_inplace(decrypt, &decrypt_len)) &&
|
||||
(decrypt_len > 0)) {
|
||||
decrypt[decrypt_len] = 0;
|
||||
|
@ -823,8 +826,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
|||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||
decrypt_len = linelen;
|
||||
if (smtp_auth_parameter_decoding_enabled) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
if (strlen(decrypt) > 1) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
} else {
|
||||
decrypt_len = 0;
|
||||
}
|
||||
if (decrypt_len == 0) {
|
||||
/* Go back to the original string */
|
||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||
|
@ -841,8 +848,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
|||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||
decrypt_len = linelen;
|
||||
if (smtp_auth_parameter_decoding_enabled) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
if (strlen(decrypt) > 1) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
} else {
|
||||
decrypt_len = 0;
|
||||
}
|
||||
if (decrypt_len == 0) {
|
||||
/* Go back to the original string */
|
||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||
|
@ -857,8 +868,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
|||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||
decrypt_len = linelen;
|
||||
if (smtp_auth_parameter_decoding_enabled) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
if (strlen(decrypt) > 1) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
} else {
|
||||
decrypt_len = 0;
|
||||
}
|
||||
if (decrypt_len == 0) {
|
||||
/* Go back to the original string */
|
||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||
|
@ -906,8 +921,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
|||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 11, linelen - 11, ENC_ASCII);
|
||||
decrypt_len = linelen - 11;
|
||||
if (smtp_auth_parameter_decoding_enabled) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
if (strlen(decrypt) > 1) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
} else {
|
||||
decrypt_len = 0;
|
||||
}
|
||||
if (decrypt_len == 0) {
|
||||
/* Go back to the original string */
|
||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 11, linelen - 11, ENC_ASCII);
|
||||
|
@ -928,8 +947,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
|||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 10, linelen - 10, ENC_ASCII);
|
||||
decrypt_len = linelen - 10;
|
||||
if (smtp_auth_parameter_decoding_enabled) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
if (strlen(decrypt) > 1) {
|
||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||
decrypt[decrypt_len] = 0;
|
||||
} else {
|
||||
decrypt_len = 0;
|
||||
}
|
||||
if (decrypt_len == 0) {
|
||||
/* Go back to the original string */
|
||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 10, linelen - 10, ENC_ASCII);
|
||||
|
@ -1113,7 +1136,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
|||
if (linelen >= 4) {
|
||||
if ((smtp_auth_parameter_decoding_enabled) && (code == 334)) {
|
||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 4, linelen - 4, ENC_ASCII);
|
||||
if ((g_base64_decode_inplace(decrypt, &decrypt_len)) && decrypt_len > 0) {
|
||||
if (strlen(decrypt) > 1 && (g_base64_decode_inplace(decrypt, &decrypt_len)) && decrypt_len > 0) {
|
||||
decrypt[decrypt_len] = 0;
|
||||
if (g_ascii_strncasecmp(decrypt, "NTLMSSP", 7) == 0) {
|
||||
base64_string = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 4, linelen - 4, ENC_ASCII);
|
||||
|
|
|
@ -252,13 +252,15 @@ WSLUA_METHOD ByteArray_base64_decode(lua_State* L) {
|
|||
gsize len;
|
||||
|
||||
ba2 = g_byte_array_new();
|
||||
data = (gchar*)g_malloc(ba->len + 1);
|
||||
memcpy(data, ba->data, ba->len);
|
||||
data[ba->len] = '\0';
|
||||
if (ba->len > 1) {
|
||||
data = (gchar*)g_malloc(ba->len + 1);
|
||||
memcpy(data, ba->data, ba->len);
|
||||
data[ba->len] = '\0';
|
||||
|
||||
g_base64_decode_inplace(data, &len);
|
||||
g_byte_array_append(ba2, data, (int)len);
|
||||
g_free(data);
|
||||
g_base64_decode_inplace(data, &len);
|
||||
g_byte_array_append(ba2, data, (int)len);
|
||||
g_free(data);
|
||||
}
|
||||
|
||||
pushByteArray(L,ba2);
|
||||
WSLUA_RETURN(1); /* The created `ByteArray`. */
|
||||
|
|
|
@ -486,7 +486,7 @@ void ShowPacketBytesDialog::updateFieldBytes(bool initialization)
|
|||
int start = finfo_->start + start_;
|
||||
int length = end_ - start_;
|
||||
const guint8 *bytes;
|
||||
gsize new_length;
|
||||
gsize new_length = 0;
|
||||
|
||||
if (!finfo_->ds_tvb)
|
||||
return;
|
||||
|
@ -502,7 +502,9 @@ void ShowPacketBytesDialog::updateFieldBytes(bool initialization)
|
|||
{
|
||||
bytes = tvb_get_ptr(finfo_->ds_tvb, start, -1);
|
||||
field_bytes_ = QByteArray((const char *)bytes, length);
|
||||
g_base64_decode_inplace(field_bytes_.data(), &new_length);
|
||||
if (field_bytes_.size() > 1) {
|
||||
g_base64_decode_inplace(field_bytes_.data(), &new_length);
|
||||
}
|
||||
field_bytes_.resize((int)new_length);
|
||||
break;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue