forked from osmocom/wireshark
epan: Guard g_base64_decode_inplace() against zero length string
The g_base64_decode_inplace() does not handle zero length string so add a guard for this before calling. Bug: 15113 Change-Id: I89fa17dd62af238f4282835c317e5c8be6e0c8a1 Reviewed-on: https://code.wireshark.org/review/29428 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This commit is contained in:
parent
c15ada34b1
commit
0b80a42187
|
@ -3322,8 +3322,10 @@ check_auth_basic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value)
|
||||||
hdr_tree = NULL;
|
hdr_tree = NULL;
|
||||||
value += hdrlen;
|
value += hdrlen;
|
||||||
|
|
||||||
g_base64_decode_inplace(value, &len);
|
if (strlen(value) > 1) {
|
||||||
value[len] = 0;
|
g_base64_decode_inplace(value, &len);
|
||||||
|
value[len] = 0;
|
||||||
|
}
|
||||||
proto_tree_add_string(hdr_tree, hf_http_basic, tvb,
|
proto_tree_add_string(hdr_tree, hf_http_basic, tvb,
|
||||||
0, 0, value);
|
0, 0, value);
|
||||||
|
|
||||||
|
@ -3374,8 +3376,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
|
||||||
if ( ch_ptr != NULL ) {
|
if ( ch_ptr != NULL ) {
|
||||||
data_len = (int)(ch_ptr - value + 1);
|
data_len = (int)(ch_ptr - value + 1);
|
||||||
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
||||||
g_base64_decode_inplace(data_val, &len);
|
if (data_len > 1) {
|
||||||
data_val[len] = 0;
|
g_base64_decode_inplace(data_val, &len);
|
||||||
|
data_val[len] = 0;
|
||||||
|
}
|
||||||
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_user, tvb,
|
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_user, tvb,
|
||||||
offset , data_len - 1, data_val);
|
offset , data_len - 1, data_val);
|
||||||
PROTO_ITEM_SET_GENERATED(pi);
|
PROTO_ITEM_SET_GENERATED(pi);
|
||||||
|
@ -3390,8 +3394,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
|
||||||
if ( ch_ptr != NULL ) {
|
if ( ch_ptr != NULL ) {
|
||||||
data_len = (int)(ch_ptr - value + 1);
|
data_len = (int)(ch_ptr - value + 1);
|
||||||
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
||||||
g_base64_decode_inplace(data_val, &len);
|
if (data_len > 1) {
|
||||||
data_val[len] = 0;
|
g_base64_decode_inplace(data_val, &len);
|
||||||
|
data_val[len] = 0;
|
||||||
|
}
|
||||||
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_domain, tvb,
|
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_domain, tvb,
|
||||||
offset, data_len - 1, data_val);
|
offset, data_len - 1, data_val);
|
||||||
PROTO_ITEM_SET_GENERATED(pi);
|
PROTO_ITEM_SET_GENERATED(pi);
|
||||||
|
@ -3406,8 +3412,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
|
||||||
if ( ch_ptr != NULL ) {
|
if ( ch_ptr != NULL ) {
|
||||||
data_len = (int)(ch_ptr - value + 1);
|
data_len = (int)(ch_ptr - value + 1);
|
||||||
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
||||||
g_base64_decode_inplace(data_val, &len);
|
if (data_len > 1) {
|
||||||
data_val[len] = 0;
|
g_base64_decode_inplace(data_val, &len);
|
||||||
|
data_val[len] = 0;
|
||||||
|
}
|
||||||
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_passwd, tvb,
|
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_passwd, tvb,
|
||||||
offset, data_len - 1, data_val);
|
offset, data_len - 1, data_val);
|
||||||
PROTO_ITEM_SET_GENERATED(pi);
|
PROTO_ITEM_SET_GENERATED(pi);
|
||||||
|
@ -3422,8 +3430,10 @@ check_auth_citrixbasic(proto_item *hdr_item, tvbuff_t *tvb, gchar *value, int of
|
||||||
if ( ch_ptr != NULL ) {
|
if ( ch_ptr != NULL ) {
|
||||||
data_len = (int)(ch_ptr - value + 1);
|
data_len = (int)(ch_ptr - value + 1);
|
||||||
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
data_val = wmem_strndup(wmem_packet_scope(), value, data_len);
|
||||||
g_base64_decode_inplace(data_val, &len);
|
if (data_len > 1) {
|
||||||
data_val[len] = 0;
|
g_base64_decode_inplace(data_val, &len);
|
||||||
|
data_val[len] = 0;
|
||||||
|
}
|
||||||
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_session, tvb,
|
pi = proto_tree_add_string(hdr_tree, hf_http_citrix_session, tvb,
|
||||||
offset, data_len - 1, data_val);
|
offset, data_len - 1, data_val);
|
||||||
PROTO_ITEM_SET_GENERATED(pi);
|
PROTO_ITEM_SET_GENERATED(pi);
|
||||||
|
|
|
@ -309,12 +309,14 @@ decode_plain_auth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||||
gint length_pass;
|
gint length_pass;
|
||||||
guint8 *decrypt = NULL;
|
guint8 *decrypt = NULL;
|
||||||
proto_item *ti;
|
proto_item *ti;
|
||||||
gsize len;
|
gsize len = 0;
|
||||||
|
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, a_offset, a_linelen, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, a_offset, a_linelen, ENC_ASCII);
|
||||||
if (smtp_auth_parameter_decoding_enabled) {
|
if (smtp_auth_parameter_decoding_enabled) {
|
||||||
g_base64_decode_inplace(decrypt, &len);
|
if (strlen(decrypt) > 1) {
|
||||||
decrypt[len] = 0;
|
g_base64_decode_inplace(decrypt, &len);
|
||||||
|
decrypt[len] = 0;
|
||||||
|
}
|
||||||
returncode = (gint)len;
|
returncode = (gint)len;
|
||||||
if (returncode) {
|
if (returncode) {
|
||||||
length_user1 = (gint)strlen(decrypt);
|
length_user1 = (gint)strlen(decrypt);
|
||||||
|
@ -557,6 +559,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
||||||
((session_state->last_auth_frame == 0) || (pinfo->num <= session_state->last_auth_frame))) {
|
((session_state->last_auth_frame == 0) || (pinfo->num <= session_state->last_auth_frame))) {
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||||
if ((smtp_auth_parameter_decoding_enabled) &&
|
if ((smtp_auth_parameter_decoding_enabled) &&
|
||||||
|
(strlen(decrypt) > 1) &&
|
||||||
(g_base64_decode_inplace(decrypt, &decrypt_len)) &&
|
(g_base64_decode_inplace(decrypt, &decrypt_len)) &&
|
||||||
(decrypt_len > 0)) {
|
(decrypt_len > 0)) {
|
||||||
decrypt[decrypt_len] = 0;
|
decrypt[decrypt_len] = 0;
|
||||||
|
@ -823,8 +826,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||||
decrypt_len = linelen;
|
decrypt_len = linelen;
|
||||||
if (smtp_auth_parameter_decoding_enabled) {
|
if (smtp_auth_parameter_decoding_enabled) {
|
||||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
if (strlen(decrypt) > 1) {
|
||||||
decrypt[decrypt_len] = 0;
|
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||||
|
decrypt[decrypt_len] = 0;
|
||||||
|
} else {
|
||||||
|
decrypt_len = 0;
|
||||||
|
}
|
||||||
if (decrypt_len == 0) {
|
if (decrypt_len == 0) {
|
||||||
/* Go back to the original string */
|
/* Go back to the original string */
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||||
|
@ -841,8 +848,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||||
decrypt_len = linelen;
|
decrypt_len = linelen;
|
||||||
if (smtp_auth_parameter_decoding_enabled) {
|
if (smtp_auth_parameter_decoding_enabled) {
|
||||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
if (strlen(decrypt) > 1) {
|
||||||
decrypt[decrypt_len] = 0;
|
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||||
|
decrypt[decrypt_len] = 0;
|
||||||
|
} else {
|
||||||
|
decrypt_len = 0;
|
||||||
|
}
|
||||||
if (decrypt_len == 0) {
|
if (decrypt_len == 0) {
|
||||||
/* Go back to the original string */
|
/* Go back to the original string */
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||||
|
@ -857,8 +868,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||||
decrypt_len = linelen;
|
decrypt_len = linelen;
|
||||||
if (smtp_auth_parameter_decoding_enabled) {
|
if (smtp_auth_parameter_decoding_enabled) {
|
||||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
if (strlen(decrypt) > 1) {
|
||||||
decrypt[decrypt_len] = 0;
|
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||||
|
decrypt[decrypt_len] = 0;
|
||||||
|
} else {
|
||||||
|
decrypt_len = 0;
|
||||||
|
}
|
||||||
if (decrypt_len == 0) {
|
if (decrypt_len == 0) {
|
||||||
/* Go back to the original string */
|
/* Go back to the original string */
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset, linelen, ENC_ASCII);
|
||||||
|
@ -906,8 +921,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 11, linelen - 11, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 11, linelen - 11, ENC_ASCII);
|
||||||
decrypt_len = linelen - 11;
|
decrypt_len = linelen - 11;
|
||||||
if (smtp_auth_parameter_decoding_enabled) {
|
if (smtp_auth_parameter_decoding_enabled) {
|
||||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
if (strlen(decrypt) > 1) {
|
||||||
decrypt[decrypt_len] = 0;
|
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||||
|
decrypt[decrypt_len] = 0;
|
||||||
|
} else {
|
||||||
|
decrypt_len = 0;
|
||||||
|
}
|
||||||
if (decrypt_len == 0) {
|
if (decrypt_len == 0) {
|
||||||
/* Go back to the original string */
|
/* Go back to the original string */
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 11, linelen - 11, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 11, linelen - 11, ENC_ASCII);
|
||||||
|
@ -928,8 +947,12 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 10, linelen - 10, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 10, linelen - 10, ENC_ASCII);
|
||||||
decrypt_len = linelen - 10;
|
decrypt_len = linelen - 10;
|
||||||
if (smtp_auth_parameter_decoding_enabled) {
|
if (smtp_auth_parameter_decoding_enabled) {
|
||||||
g_base64_decode_inplace(decrypt, &decrypt_len);
|
if (strlen(decrypt) > 1) {
|
||||||
decrypt[decrypt_len] = 0;
|
g_base64_decode_inplace(decrypt, &decrypt_len);
|
||||||
|
decrypt[decrypt_len] = 0;
|
||||||
|
} else {
|
||||||
|
decrypt_len = 0;
|
||||||
|
}
|
||||||
if (decrypt_len == 0) {
|
if (decrypt_len == 0) {
|
||||||
/* Go back to the original string */
|
/* Go back to the original string */
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 10, linelen - 10, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 10, linelen - 10, ENC_ASCII);
|
||||||
|
@ -1113,7 +1136,7 @@ dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
|
||||||
if (linelen >= 4) {
|
if (linelen >= 4) {
|
||||||
if ((smtp_auth_parameter_decoding_enabled) && (code == 334)) {
|
if ((smtp_auth_parameter_decoding_enabled) && (code == 334)) {
|
||||||
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 4, linelen - 4, ENC_ASCII);
|
decrypt = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 4, linelen - 4, ENC_ASCII);
|
||||||
if ((g_base64_decode_inplace(decrypt, &decrypt_len)) && decrypt_len > 0) {
|
if (strlen(decrypt) > 1 && (g_base64_decode_inplace(decrypt, &decrypt_len)) && decrypt_len > 0) {
|
||||||
decrypt[decrypt_len] = 0;
|
decrypt[decrypt_len] = 0;
|
||||||
if (g_ascii_strncasecmp(decrypt, "NTLMSSP", 7) == 0) {
|
if (g_ascii_strncasecmp(decrypt, "NTLMSSP", 7) == 0) {
|
||||||
base64_string = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 4, linelen - 4, ENC_ASCII);
|
base64_string = tvb_get_string_enc(wmem_packet_scope(), tvb, loffset + 4, linelen - 4, ENC_ASCII);
|
||||||
|
|
|
@ -252,13 +252,15 @@ WSLUA_METHOD ByteArray_base64_decode(lua_State* L) {
|
||||||
gsize len;
|
gsize len;
|
||||||
|
|
||||||
ba2 = g_byte_array_new();
|
ba2 = g_byte_array_new();
|
||||||
data = (gchar*)g_malloc(ba->len + 1);
|
if (ba->len > 1) {
|
||||||
memcpy(data, ba->data, ba->len);
|
data = (gchar*)g_malloc(ba->len + 1);
|
||||||
data[ba->len] = '\0';
|
memcpy(data, ba->data, ba->len);
|
||||||
|
data[ba->len] = '\0';
|
||||||
|
|
||||||
g_base64_decode_inplace(data, &len);
|
g_base64_decode_inplace(data, &len);
|
||||||
g_byte_array_append(ba2, data, (int)len);
|
g_byte_array_append(ba2, data, (int)len);
|
||||||
g_free(data);
|
g_free(data);
|
||||||
|
}
|
||||||
|
|
||||||
pushByteArray(L,ba2);
|
pushByteArray(L,ba2);
|
||||||
WSLUA_RETURN(1); /* The created `ByteArray`. */
|
WSLUA_RETURN(1); /* The created `ByteArray`. */
|
||||||
|
|
|
@ -486,7 +486,7 @@ void ShowPacketBytesDialog::updateFieldBytes(bool initialization)
|
||||||
int start = finfo_->start + start_;
|
int start = finfo_->start + start_;
|
||||||
int length = end_ - start_;
|
int length = end_ - start_;
|
||||||
const guint8 *bytes;
|
const guint8 *bytes;
|
||||||
gsize new_length;
|
gsize new_length = 0;
|
||||||
|
|
||||||
if (!finfo_->ds_tvb)
|
if (!finfo_->ds_tvb)
|
||||||
return;
|
return;
|
||||||
|
@ -502,7 +502,9 @@ void ShowPacketBytesDialog::updateFieldBytes(bool initialization)
|
||||||
{
|
{
|
||||||
bytes = tvb_get_ptr(finfo_->ds_tvb, start, -1);
|
bytes = tvb_get_ptr(finfo_->ds_tvb, start, -1);
|
||||||
field_bytes_ = QByteArray((const char *)bytes, length);
|
field_bytes_ = QByteArray((const char *)bytes, length);
|
||||||
g_base64_decode_inplace(field_bytes_.data(), &new_length);
|
if (field_bytes_.size() > 1) {
|
||||||
|
g_base64_decode_inplace(field_bytes_.data(), &new_length);
|
||||||
|
}
|
||||||
field_bytes_.resize((int)new_length);
|
field_bytes_.resize((int)new_length);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue