profinet, CID 1362120: check the return value of ftell()

change filePosRecord's data type to long, this is what ftell() and fseek() expect limit filePosRecord's scope to the block where it's actually used if ftell() returns < 0, don't move the file pointer and don't call fseek() with the negative offset Change-Id: If5a43099c32e476a691f4d6cd26ed7fb73490fcf Reviewed-on: https://code.wireshark.org/review/16258 Petri-Dish: Martin Kaiser <wireshark@kaiser.cx> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-03 13:37:51 +02:00 · 2016-07-03 13:37:51 +02:00 · 2da35bce9a
parent 50614a95ba
commit 2da35bce9a
1 changed files with 14 additions and 11 deletions
--- a/plugins/profinet/packet-dcerpc-pn-io.c
+++ b/plugins/profinet/packet-dcerpc-pn-io.c
@ -8126,7 +8126,6 @@ dissect_ExpectedSubmoduleBlockReq_block(tvbuff_t *tvb, int offset,

    guint16  searchVendorID = 0;
    guint16  searchDeviceID = 0;
-    gint32   filePosRecord;
    gboolean vendorMatch;
    gboolean deviceMatch;
    conversation_t *conversation;
@ -8383,20 +8382,24 @@ dissect_ExpectedSubmoduleBlockReq_block(tvbuff_t *tvb, int offset,

                            while(fgets(temp, MAX_LINE_LENGTH, fp) != NULL) {
                                if((strstr(temp, moduleNameInfo)) != NULL) {                    /* find the String "<Name" for the TextID */
+                                    long filePosRecord;
+
                                    sscanf(temp, "%*s TextId=\"%[^\"]", tmp_moduletext);        /* saves the correct TextId for the next searchloop */

-                                    filePosRecord = (gint32)ftell(fp);            /* save the current position of the filepointer (Offset) */
-
-                                    while (fgets(temp, MAX_LINE_LENGTH, fp) != NULL && io_data_object->amountInGSDML == 1) {
-                                        /* Find a String with the saved TextID and with a fitting value for it in the same line. This value is the name of the Module! */
-                                        if(((strstr(temp, tmp_moduletext)) != NULL) && ((strstr(temp, moduleValueInfo)) != NULL)) {
-                                            pch = strstr(temp, moduleValueInfo);
-                                            sscanf(pch, "Value=\"%[^\"]", io_data_object->moduleNameStr);
-                                            break;    /* Found the name of the module */
+                                    filePosRecord = ftell(fp);            /* save the current position of the filepointer (Offset) */
+                                    /* ftell() may return -1 for error, don't move fp in this case */
+                                    if (filePosRecord >= 0) {
+                                        while (fgets(temp, MAX_LINE_LENGTH, fp) != NULL && io_data_object->amountInGSDML == 1) {
+                                            /* Find a String with the saved TextID and with a fitting value for it in the same line. This value is the name of the Module! */
+                                            if(((strstr(temp, tmp_moduletext)) != NULL) && ((strstr(temp, moduleValueInfo)) != NULL)) {
+                                                pch = strstr(temp, moduleValueInfo);
+                                                sscanf(pch, "Value=\"%[^\"]", io_data_object->moduleNameStr);
+                                                break;    /* Found the name of the module */
+                                            }
                                        }
-                                    }

-                                    fseek(fp, filePosRecord, SEEK_SET);    /* set filepointer to the correct TextID */
+                                        fseek(fp, filePosRecord, SEEK_SET);    /* set filepointer to the correct TextID */
+                                    }
                                }

                                /* Search for Submoduleidentnumber in GSD-file */