Simplify find_delimiter() by making use of tvb_find_guint8().

In sss_string():
 -> Protect against tvb_length_remaining() possibly returning -1.
 -> Fix off-by-1 potential buffer overflow condition.
 -> Use isprint() rather than "do-it-yourself" code.
 -> Remove the extra unnecessary "length_remaining" checks in the for() loop.

#BACKPORT(1.10, 1.8)

svn path=/trunk/; revision=51448
Chris Maynard 2013-08-20 22:42:46 +00:00
parent 21ad5c11b2
commit 3accefd72e
1 changed files with 23 additions and 28 deletions


@ -29,6 +29,7 @@
#include <glib.h> #include <glib.h>
#include <epan/packet.h> #include <epan/packet.h>
#include <epan/strutil.h> #include <epan/strutil.h>
#include <ctype.h>
#include "packet-ncp-int.h" #include "packet-ncp-int.h"
#include "packet-ncp-sss.h" #include "packet-ncp-sss.h"
@ -402,22 +403,19 @@ process_flags(proto_tree *sss_tree, tvbuff_t *tvb, guint32 foffset)
return; return;
} }
/* Find the delimiter, '*'.
* Returns the number of bytes from foffset to the delimiter or 0 if not
* found within 256 bytes from foffset */
static int static int
find_delimiter(tvbuff_t *tvb, int foffset) find_delimiter(tvbuff_t *tvb, int foffset)
{ {
int i; int offset;
int length = 0;
guint16 c_char;
for (i=0; i < 256; i++) { offset = tvb_find_guint8(tvb, foffset, 256, '*');
c_char = tvb_get_guint8(tvb, foffset); if (offset >= foffset) {
if (c_char == 0x2a || tvb_length_remaining(tvb, foffset)==0) { return offset - foffset;
break;
}
foffset++;
length++;
} }
return length; return 0;
} }
static int static int
@ -427,8 +425,8 @@ sss_string(tvbuff_t* tvb, int hfinfo, proto_tree *sss_tree, int offset, gboolean
guint32 str_length; guint32 str_length;
char buffer[1024]; char buffer[1024];
guint32 i; guint32 i;
guint16 c_char; guint8 c_char;
guint32 length_remaining = 0; gint length_remaining = 0;
if (length==0) { if (length==0) {
if (little) { if (little) {
@ -441,36 +439,33 @@ sss_string(tvbuff_t* tvb, int hfinfo, proto_tree *sss_tree, int offset, gboolean
str_length = length; str_length = length;
} }
length_remaining = tvb_length_remaining(tvb, foffset); length_remaining = tvb_length_remaining(tvb, foffset);
if(str_length > (guint)length_remaining || str_length > 1024) { if (length_remaining <= 0) {
return foffset;
}
if (str_length > (guint)length_remaining || str_length > (sizeof(buffer)-1)) {
proto_tree_add_string(sss_tree, hfinfo, tvb, foffset, proto_tree_add_string(sss_tree, hfinfo, tvb, foffset,
length_remaining + 4, "<String too long to process>"); length_remaining + 4, "<String too long to process>");
foffset += length_remaining; foffset += length_remaining;
return foffset; return foffset;
} }
if(str_length == 0) { if (str_length == 0) {
proto_tree_add_string(sss_tree, hfinfo, tvb, offset, 4, "<Not Specified>"); proto_tree_add_string(sss_tree, hfinfo, tvb, offset, 4, "<Not Specified>");
return foffset; return foffset;
} }
for ( i = 0; i < str_length; i++ ) { for ( i = 0; i < str_length; i++ ) {
c_char = tvb_get_guint8(tvb, foffset ); c_char = tvb_get_guint8(tvb, foffset);
if (c_char<0x20 || c_char>0x7e) { if (isprint(c_char)) {
if (c_char != 0x00) { buffer[i] = c_char;
c_char = 0x2e; } else {
buffer[i] = c_char & 0xff; if (c_char) {
buffer[i] = '.';
} else { } else {
/* Skip NULL-terminators */
i--; i--;
str_length--; str_length--;
} }
} else {
buffer[i] = c_char & 0xff;
} }
foffset++; foffset++;
length_remaining--;
if(length_remaining==1) {
i++;
break;
}
} }
buffer[i] = '\0'; buffer[i] = '\0';
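Review bot: In the sss_string() copy loop, `isprint(c_char)` is locale-dependent, so it is not equivalent to the old `c_char<0x20 || c_char>0x7e` range test: under some non-C locales, bytes 0x80–0xFF from the packet may be classed as printable and copied into `buffer` unchanged. Because these bytes come straight from the capture and end up in a display string, I would keep the filter strictly ASCII with `if (g_ascii_isprint(c_char)) {`; glib.h is already included, so the added `#include <ctype.h>` would no longer be needed. Separately, the new `if (length_remaining <= 0) return foffset;` guard runs before the `str_length == 0` check, so a zero-length string that ends the buffer no longer gets its `<Not Specified>` item; moving the `str_length == 0` block above the guard would preserve it. sss_string() begins before and continues after the visible hunks.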