From 0c4eb2779f5507c498f9f076a993f0d0f988f1cd Mon Sep 17 00:00:00 2001 From: Dario Lombardo Date: Tue, 11 Oct 2016 12:48:52 +0200 Subject: [PATCH] ftp: use ws_strtou function. Change-Id: Idd0496f5afe41506ae3b5e22bc0aec09b737be6c Reviewed-on: https://code.wireshark.org/review/18146 Petri-Dish: Peter Wu Reviewed-by: Dario Lombardo Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu --- epan/dissectors/packet-ftp.c | 45 +++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/epan/dissectors/packet-ftp.c b/epan/dissectors/packet-ftp.c index 93f7b289de..8f971a534e 100644 --- a/epan/dissectors/packet-ftp.c +++ b/epan/dissectors/packet-ftp.c @@ -27,7 +27,7 @@ #include "config.h" #include -#include /* for atoi() and strtoul() */ +#include #include #include @@ -65,6 +65,7 @@ static gint ett_ftp_reqresp = -1; static expert_field ei_ftp_eprt_args_invalid = EI_INIT; static expert_field ei_ftp_epsv_args_invalid = EI_INIT; +static expert_field ei_ftp_response_code_invalid = EI_INIT; static dissector_handle_t ftpdata_handle; @@ -375,7 +376,8 @@ parse_eprt_request(const guchar* line, gint linelen, guint32 *eprt_af, if (delimiters_seen == 2) { /* end of address family field */ gchar *af_str; af_str = wmem_strndup(wmem_packet_scope(), field, fieldlen); - *eprt_af = atoi(af_str); + if (!ws_strtou32(af_str, NULL, eprt_af)) + return FALSE; } else if (delimiters_seen == 3) {/* end of IP address field */ gchar *ip_str; @@ -402,7 +404,8 @@ parse_eprt_request(const guchar* line, gint linelen, guint32 *eprt_af, gchar *pt_str; pt_str = wmem_strndup(wmem_packet_scope(), field, fieldlen); - *ftp_port = atoi(pt_str); + if (!ws_strtou16(pt_str, NULL, ftp_port)) + return FALSE; *ftp_port_len = fieldlen; } @@ -490,20 +493,28 @@ parse_extended_pasv_response(const guchar *line, gint linelen, guint16 *ftp_port * Should now be at digits. */ if (*p != '\0') { + const gchar* endptr; + gboolean port_valid; /* * We didn't run out of text without finding anything. */ - *ftp_port = atoi(p); - *pasv_offset = (guint32)(p - args); + port_valid = ws_strtou16(p, &endptr, ftp_port); + /* the conversion returned false, but the converted value could + be valid instead, check it out */ + if (!port_valid && *endptr == '|') + port_valid = TRUE; + if (port_valid) { + *pasv_offset = (guint32)(p - args); - ret = TRUE; + ret = TRUE; - /* get port string length */ - if ((e=strchr(p,')')) == NULL) { - ret = FALSE; - } - else { - *ftp_port_len = (guint)(--e - p); + /* get port string length */ + if ((e=strchr(p,')')) == NULL) { + ret = FALSE; + } + else { + *ftp_port_len = (guint)(--e - p); + } } } @@ -618,16 +629,21 @@ dissect_ftp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) */ if (linelen >= 3 && g_ascii_isdigit(line[0]) && g_ascii_isdigit(line[1]) && g_ascii_isdigit(line[2])) { + gboolean code_valid; + proto_item* pi; /* * One-line reply, or first or last line * of a multi-line reply. */ tvb_get_nstringz0(tvb, 0, sizeof(code_str), code_str); - code = (guint32)strtoul(code_str, NULL, 10); + code_valid = ws_strtou32(code_str, NULL, &code); - proto_tree_add_uint(reqresp_tree, + pi = proto_tree_add_uint(reqresp_tree, hf_ftp_response_code, tvb, 0, 3, code); + if (!code_valid) + expert_add_info(pinfo, pi, &ei_ftp_response_code_invalid); + /* * See if it's a passive-mode response. * @@ -1026,6 +1042,7 @@ proto_register_ftp(void) static ei_register_info ei[] = { { &ei_ftp_eprt_args_invalid, { "ftp.eprt.args_invalid", PI_MALFORMED, PI_WARN, "EPRT arguments must have the form: ||||", EXPFILL }}, { &ei_ftp_epsv_args_invalid, { "ftp.epsv.args_invalid", PI_MALFORMED, PI_WARN, "EPSV arguments must have the form (||||)", EXPFILL }}, + { &ei_ftp_response_code_invalid, { "ftp.response.code.invalid", PI_MALFORMED, PI_ERROR, "Invalid response code", EXPFILL }} }; expert_module_t* expert_ftp;