forked from osmocom/wireshark
In "get_unicode_or_ascii_string()", treat a negative length argument as
a very large unsigned integer (which it probably is), and trim it at INT_MAX, and fix the handling of too-long ASCII strings so that the "..." gets inserted. Make sure that all the bytes of the string exist before truncating the string length to the buffer length, so that the appropriate exception is thrown. svn path=/trunk/; revision=10548
This commit is contained in:
parent
929c732949
commit
22d9288594
|
@ -2,7 +2,7 @@
|
||||||
* Common routines for smb packet dissection
|
* Common routines for smb packet dissection
|
||||||
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
|
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
|
||||||
*
|
*
|
||||||
* $Id: packet-smb-common.c,v 1.19 2004/01/05 19:31:44 ulfl Exp $
|
* $Id: packet-smb-common.c,v 1.20 2004/04/03 03:50:44 guy Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* By Gerald Combs <gerald@ethereal.com>
|
* By Gerald Combs <gerald@ethereal.com>
|
||||||
|
@ -141,7 +141,7 @@ unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen,
|
||||||
guint16 uchar;
|
guint16 uchar;
|
||||||
int len;
|
int len;
|
||||||
int us_len;
|
int us_len;
|
||||||
int overflow = 0;
|
gboolean overflow = FALSE;
|
||||||
|
|
||||||
if (cur == &str[0][0]) {
|
if (cur == &str[0][0]) {
|
||||||
cur = &str[1][0];
|
cur = &str[1][0];
|
||||||
|
@ -174,7 +174,7 @@ unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen,
|
||||||
*p++ = '?'; /* not 8859-1 */
|
*p++ = '?'; /* not 8859-1 */
|
||||||
len--;
|
len--;
|
||||||
} else
|
} else
|
||||||
overflow = 1;
|
overflow = TRUE;
|
||||||
offset += 2;
|
offset += 2;
|
||||||
bc -= 2;
|
bc -= 2;
|
||||||
us_len += 2;
|
us_len += 2;
|
||||||
|
@ -209,7 +209,8 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
|
||||||
static gchar *cur;
|
static gchar *cur;
|
||||||
const gchar *string;
|
const gchar *string;
|
||||||
int string_len;
|
int string_len;
|
||||||
unsigned int copylen;
|
int copylen;
|
||||||
|
gboolean overflow = FALSE;
|
||||||
|
|
||||||
if (*bcp == 0) {
|
if (*bcp == 0) {
|
||||||
/* Not enough data in buffer */
|
/* Not enough data in buffer */
|
||||||
|
@ -232,6 +233,12 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
|
||||||
}
|
}
|
||||||
if(exactlen){
|
if(exactlen){
|
||||||
string_len = *len;
|
string_len = *len;
|
||||||
|
if (string_len < 0) {
|
||||||
|
/* This probably means it's a very large unsigned number; just set
|
||||||
|
it to the largest signed number, so that we throw the appropriate
|
||||||
|
exception. */
|
||||||
|
string_len = INT_MAX;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp);
|
string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp);
|
||||||
} else {
|
} else {
|
||||||
|
@ -247,11 +254,20 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
|
||||||
cur = &str[0][0];
|
cur = &str[0][0];
|
||||||
}
|
}
|
||||||
copylen = *len;
|
copylen = *len;
|
||||||
if (copylen > MAX_UNICODE_STR_LEN)
|
if (copylen < 0) {
|
||||||
|
/* This probably means it's a very large unsigned number; just set
|
||||||
|
it to the largest signed number, so that we throw the appropriate
|
||||||
|
exception. */
|
||||||
|
copylen = INT_MAX;
|
||||||
|
}
|
||||||
|
tvb_ensure_bytes_exist(tvb, *offsetp, copylen);
|
||||||
|
if (copylen > MAX_UNICODE_STR_LEN) {
|
||||||
copylen = MAX_UNICODE_STR_LEN;
|
copylen = MAX_UNICODE_STR_LEN;
|
||||||
|
overflow = TRUE;
|
||||||
|
}
|
||||||
tvb_memcpy(tvb, (guint8 *)cur, *offsetp, copylen);
|
tvb_memcpy(tvb, (guint8 *)cur, *offsetp, copylen);
|
||||||
cur[copylen] = '\0';
|
cur[copylen] = '\0';
|
||||||
if (copylen > MAX_UNICODE_STR_LEN)
|
if (overflow)
|
||||||
strcat(cur, "...");
|
strcat(cur, "...");
|
||||||
string_len = *len;
|
string_len = *len;
|
||||||
string = cur;
|
string = cur;
|
||||||
|
|
Loading…
Reference in New Issue