epan: Guard g_base64_decode_inplace() against zero length string

g_base64_decode_inplace() does not handle a zero-length string,
so add a guard before calling it.

Bug: 15113
Change-Id: I89fa17dd62af238f4282835c317e5c8be6e0c8a1
Reviewed-on: https://code.wireshark.org/review/29428
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Stig Bjørlykke 2018-09-05 15:41:46 +02:00
parent c15ada34b1
commit 0b80a42187
4 changed files with 69 additions and 32 deletions


@ -3322,8 +3322,10 @@ check_auth_basic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value)
hdr_tree = NULL;
value += hdrlen;
g_base64_decode_inplace(value, &len);
value[len] = 0;
if (strlen(value) > 1) {
g_base64_decode_inplace(value, &len);
value[len] = 0;
}
proto_tree_add_string(hdr_tree, hf_http_basic, tvb,
0, 0, value);
@ -3374,8 +3376,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
if ( ch_ptr != NULL ) {
data_len = (int)(ch_ptr - value + 1);
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
g_base64_decode_inplace(data_val, &len);
data_val[len] = 0;
if (data_len > 1) {
g_base64_decode_inplace(data_val, &len);
data_val[len] = 0;
}
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_user, tvb,
offset , data_len - 1, data_val);
PROTO_ITEM_SET_GENERATED(pi);
@ -3390,8 +3394,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
if ( ch_ptr != NULL ) {
data_len = (int)(ch_ptr - value + 1);
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
g_base64_decode_inplace(data_val, &len);
data_val[len] = 0;
if (data_len > 1) {
g_base64_decode_inplace(data_val, &len);
data_val[len] = 0;
}
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_domain, tvb,
offset, data_len - 1, data_val);
PROTO_ITEM_SET_GENERATED(pi);
@ -3406,8 +3412,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
if ( ch_ptr != NULL ) {
data_len = (int)(ch_ptr - value + 1);
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
g_base64_decode_inplace(data_val, &len);
data_val[len] = 0;
if (data_len > 1) {
g_base64_decode_inplace(data_val, &len);
data_val[len] = 0;
}
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_passwd, tvb,
offset, data_len - 1, data_val);
PROTO_ITEM_SET_GENERATED(pi);
@ -3422,8 +3430,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
if ( ch_ptr != NULL ) {
data_len = (int)(ch_ptr - value + 1);
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
g_base64_decode_inplace(data_val, &len);
data_val[len] = 0;
if (data_len > 1) {
g_base64_decode_inplace(data_val, &len);
data_val[len] = 0;
}
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_session, tvb,
offset, data_len - 1, data_val);
PROTO_ITEM_SET_GENERATED(pi);
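Review bot: The `> 1` threshold in the new guards is unexplained and does not match the commit title, which mentions only zero-length input. A one-line comment at the first guard in check_auth_basic would help, e.g. `/* g_base64_decode_inplace() requires strlen > 1 and leaves len untouched otherwise */` (that is GLib's precondition as far as I know). In the four check_auth_citrixbasic hunks the skipped path also leaves data_val holding the raw bytes copied by wmem_strndup(), presumably just the delimiter, and that is what gets added as the generated user/domain/passwd/session string. An `else { data_val[0] = '\0'; }` would keep undecoded input out of the tree. Both functions start and end outside the hunks shown.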


@ -309,12 +309,14 @@ decode_plain_auth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gint length_pass;
guint8 *decrypt = NULL;
proto_item *ti;
gsize len;
gsize len = 0;
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, a_offset, a_linelen, ENC_ASCII);
if (smtp_auth_parameter_decoding_enabled) {
g_base64_decode_inplace(decrypt, &len);
decrypt[len] = 0;
if (strlen(decrypt) > 1) {
g_base64_decode_inplace(decrypt, &len);
decrypt[len] = 0;
}
returncode = (gint)len;
if (returncode) {
length_user1 = (gint)strlen(decrypt);
@ -557,6 +559,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
((session_state->last_auth_frame == 0) || (pinfo->num <= session_state->last_auth_frame))) {
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
if ((smtp_auth_parameter_decoding_enabled) &&
(strlen(decrypt) > 1) &&
(g_base64_decode_inplace(decrypt, &decrypt_len)) &&
(decrypt_len > 0)) {
decrypt[decrypt_len] = 0;
@ -823,8 +826,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
decrypt_len = linelen;
if (smtp_auth_parameter_decoding_enabled) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
if (strlen(decrypt) > 1) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
} else {
decrypt_len = 0;
}
if (decrypt_len == 0) {
/* Go back to the original string */
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
@ -841,8 +848,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
decrypt_len = linelen;
if (smtp_auth_parameter_decoding_enabled) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
if (strlen(decrypt) > 1) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
} else {
decrypt_len = 0;
}
if (decrypt_len == 0) {
/* Go back to the original string */
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
@ -857,8 +868,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
decrypt_len = linelen;
if (smtp_auth_parameter_decoding_enabled) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
if (strlen(decrypt) > 1) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
} else {
decrypt_len = 0;
}
if (decrypt_len == 0) {
/* Go back to the original string */
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
@ -906,8 +921,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 11, linelen - 11, ENC_ASCII);
decrypt_len = linelen - 11;
if (smtp_auth_parameter_decoding_enabled) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
if (strlen(decrypt) > 1) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
} else {
decrypt_len = 0;
}
if (decrypt_len == 0) {
/* Go back to the original string */
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 11, linelen - 11, ENC_ASCII);
@ -928,8 +947,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 10, linelen - 10, ENC_ASCII);
decrypt_len = linelen - 10;
if (smtp_auth_parameter_decoding_enabled) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
if (strlen(decrypt) > 1) {
g_base64_decode_inplace(decrypt, &decrypt_len);
decrypt[decrypt_len] = 0;
} else {
decrypt_len = 0;
}
if (decrypt_len == 0) {
/* Go back to the original string */
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 10, linelen - 10, ENC_ASCII);
@ -1113,7 +1136,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
if (linelen >= 4) {
if ((smtp_auth_parameter_decoding_enabled) && (code == 334)) {
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 4, linelen - 4, ENC_ASCII);
if ((g_base64_decode_inplace(decrypt, &decrypt_len)) && decrypt_len > 0) {
if (strlen(decrypt) > 1 && (g_base64_decode_inplace(decrypt, &decrypt_len)) && decrypt_len > 0) {
decrypt[decrypt_len] = 0;
if (g_ascii_strncasecmp(decrypt, "NTLMSSP", 7) == 0) {
base64_string = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 4, linelen - 4, ENC_ASCII);
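Review bot: The same guard/decode/terminate/else block is pasted five times in dissect_smtp, and once more without the else in decode_plain_auth, so any later fix to this logic has to be repeated at each site. A small static helper that returns the decoded length (0 when the input is too short) would keep the length precondition and the `decrypt[decrypt_len] = 0` write together, which matters because the index is derived from untrusted packet data. The helper name below is only a suggestion, and decode_plain_auth would need a cast because its `decrypt` is `guint8 *`. Both functions continue outside the hunks shown.

```c
/* Decode base64 in place and NUL-terminate the result.
 * Returns the decoded length, or 0 when the input is too short for
 * g_base64_decode_inplace() (it needs strlen > 1). */
static gsize
smtp_base64_decode_inplace(gchar *text)
{
    gsize out_len = 0;

    if (strlen(text) > 1) {
        g_base64_decode_inplace(text, &out_len);
        text[out_len] = 0;
    }
    return out_len;
}

/* … unchanged: tvb_get_string_enc() fetch of the line … */
if (smtp_auth_parameter_decoding_enabled) {
    decrypt_len = smtp_base64_decode_inplace(decrypt);
    /* … unchanged: fall back to the original string when decrypt_len == 0 … */
```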


@ -252,13 +252,15 @@ WSLUA_METHOD ByteArray_base64_decode(lua_State* L) {
gsize len;
ba2 = g_byte_array_new();
data = (gchar*)g_malloc(ba->len + 1);
memcpy(data, ba->data, ba->len);
data[ba->len] = '\0';
if (ba->len > 1) {
data = (gchar*)g_malloc(ba->len + 1);
memcpy(data, ba->data, ba->len);
data[ba->len] = '\0';
g_base64_decode_inplace(data, &len);
g_byte_array_append(ba2, data, (int)len);
g_free(data);
g_base64_decode_inplace(data, &len);
g_byte_array_append(ba2, data, (int)len);
g_free(data);
}
pushByteArray(L,ba2);
WSLUA_RETURN(1); /* The created `ByteArray`. */
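Review bot: `len` is still declared uninitialised (`gsize len;`) and the new guard tests `ba->len`, whereas g_base64_decode_inplace() measures its input with strlen() as far as I know. A ByteArray whose first or second byte is NUL therefore passes `ba->len > 1` but fails GLib's length precondition, and `len` is never written. g_byte_array_append(ba2, data, (int)len) then copies an indeterminate number of bytes out of a buffer of ba->len + 1. Declaring `gsize len = 0;` and guarding the call with `if (strlen(data) > 1)` closes that path. The ShowPacketBytesDialog::updateFieldBytes section has the same size()-versus-strlen mismatch, but there `new_length = 0` keeps the resize safe.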


@ -486,7 +486,7 @@ void ShowPacketBytesDialog::updateFieldBytes(bool initialization)
int start = finfo_->start + start_;
int length = end_ - start_;
const guint8 *bytes;
gsize new_length;
gsize new_length = 0;
if (!finfo_->ds_tvb)
return;
@ -502,7 +502,9 @@ void ShowPacketBytesDialog::updateFieldBytes(bool initialization)
{
bytes = tvb_get_ptr(finfo_->ds_tvb, start, -1);
field_bytes_ = QByteArray((const char *)bytes, length);
g_base64_decode_inplace(field_bytes_.data(), &new_length);
if (field_bytes_.size() > 1) {
g_base64_decode_inplace(field_bytes_.data(), &new_length);
}
field_bytes_.resize((int)new_length);
break;
}