Use "tvb_get_string()" instead of allocating a (len+1)-sized buffer,

"tvb_memcpy()"ing to it, and putting in a null terminator;
"tvb_get_string()" will check whether all bytes of the string are
present before allocating the buffer, so that you don't leak memory if
the copy throws an exception, and don't crash if the length is absurdly
large.

Use "tvb_memdup()" instead of allocating a buffer and "tvb_memcpy()"ing
to it, so that an exception is thrown before you try to allocate the
buffer (for the same reasons as listed above).

Before allocating a buffer used when processing a chunk of data from a
packet, get a pointer to the chunk with "tvb_get_ptr()", or check that
the data is all there with "tvb_ensure_bytes_exist()", so that an
exception is thrown before you try to allocate the buffer (for the same
reasons as listed above).

Fix up the lengths of the tvbuff used when dissecting ONC RPC opaque data
with a particular dissector.

svn path=/trunk/; revision=10236
Guy Harris 2004-02-25 09:31:07 +00:00
parent 3353ca1d5a
commit 857318d3b7
18 changed files with 95 additions and 134 deletions


@ -2,7 +2,7 @@
* Routines for AppleTalk packet disassembly: LLAP, DDP, NBP, ATP, ASP,
* RTMP.
*
* $Id: packet-atalk.c,v 1.95 2004/02/19 07:12:26 guy Exp $
* $Id: packet-atalk.c,v 1.96 2004/02/25 09:31:05 guy Exp $
*
* Simon Wilkinson <sxw@dcs.ed.ac.uk>
*
@ -518,9 +518,7 @@ static int dissect_pascal_string(tvbuff_t *tvb, int offset, proto_tree *tree,
* code, we could perhaps avoid allocating and freeing
* this string buffer.
*/
tmp = g_malloc( len+1 );
tvb_memcpy(tvb, tmp, offset, len);
tmp[len] = 0;
tmp = tvb_get_string(tvb, offset, len);
item = proto_tree_add_string(tree, hf_index, tvb, offset-1, len+1, tmp);
subtree = proto_item_add_subtree(item, ett_pstring);
@ -1055,9 +1053,7 @@ dissect_asp_reply_get_status(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *
break;
case 4: /* DNS */
if (len > 2) {
tmp = g_malloc( len -1);
tvb_memcpy(tvb, tmp, ofs +2, len -2);
tmp[len -2] = 0;
tmp = tvb_get_string(tvb, ofs +2, len -2);
ti = proto_tree_add_text(adr_tree, tvb, ofs, len, "dns %s", tmp);
g_free(tmp);
break;


@ -2,7 +2,7 @@
* Routines for MS Exchange MAPI
* Copyright 2002, Ronnie Sahlberg
*
* $Id: packet-dcerpc-mapi.c,v 1.26 2004/01/19 20:10:33 jmayer Exp $
* $Id: packet-dcerpc-mapi.c,v 1.27 2004/02/25 09:31:05 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -164,11 +164,11 @@ mapi_decrypt_pdu(tvbuff_t *tvb, int offset,
}
if(!pinfo->fd->flags.visited){
ptr=(const unsigned char *)tvb_get_ptr(tvb, offset, len);
mmd=g_mem_chunk_alloc(mapi_decrypted_data_chunk);
mmd->callid=di->call_id;
mmd->frame=pinfo->fd->num;
mmd->data=g_malloc(len);
ptr=(const unsigned char *)tvb_get_ptr(tvb, offset, len);
for(i=0;i<len;i++){
mmd->data[i]=ptr[i]^0xa5;
}
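Review bot: The reordered `tvb_get_ptr()` call in mapi_decrypt_pdu has no comment saying why it must stay ahead of `g_mem_chunk_alloc()` and `g_malloc(len)`, so a later tidy-up could move it back and reintroduce the leak on a short packet. I would add above it `/* Fetch the data pointer first: tvb_get_ptr() throws if the bytes aren't all there, and nothing has been allocated yet at this point. */`. The origin and type of `len` are outside the hunk, so whether a zero or negative value can reach `g_malloc(len)` cannot be judged from here.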


@ -5,7 +5,7 @@
* SHIRASAKI Yasuhiro <yasuhiro@gnome.gr.jp>
* Tony Lindstrom <tony.lindstrom@ericsson.com>
*
* $Id: packet-dhcpv6.c,v 1.10 2004/01/29 03:46:36 guy Exp $
* $Id: packet-dhcpv6.c,v 1.11 2004/02/25 09:31:05 guy Exp $
*
* The information used comes from:
* RFC3315.txt
@ -450,12 +450,8 @@ dhcpv6_option(tvbuff_t *tvb, proto_tree *bp_tree, int off, int eoff,
"Unknown"),
status_code);
if (optlen - 2 > 0)
status_message = g_malloc(optlen - 2 + 1);
if (status_message != 0){
memset(status_message, 0, optlen - 2 + 1);
status_message = tvb_memcpy(tvb, status_message, off + 2,
optlen - 2);
if (optlen - 2 > 0) {
status_message = tvb_get_string(tvb, off + 2, optlen - 2);
proto_tree_add_text(subtree, tvb, off + 2, optlen - 2,
"Status Message: %s",
status_message);
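Review bot: The guard `if (optlen - 2 > 0)` in dhcpv6_option only behaves as intended while `optlen` is a signed or narrower-than-int type; its declaration is outside the hunk, and if it is a plain unsigned int then a packet with optlen of 0 or 1 wraps to a huge positive length. Writing it as `if (optlen > 2) {` says the same thing and is correct for either signedness. Separately, tvb_get_string() returns a newly allocated buffer and the hunk ends before any `g_free(status_message)`, so please confirm the free exists after the proto_tree_add_text() call.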


@ -2,7 +2,7 @@
* Routines for dsi packet dissection
* Copyright 2001, Randy McEoin <rmceoin@pe.com>
*
* $Id: packet-dsi.c,v 1.29 2004/01/13 21:49:52 guy Exp $
* $Id: packet-dsi.c,v 1.30 2004/02/25 09:31:05 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -406,9 +406,7 @@ dissect_dsi_reply_get_status(tvbuff_t *tvb, proto_tree *tree, gint offset)
case 4: /* DNS */
case 5: /* SSH tunnel */
if (len > 2) {
tmp = g_malloc( len -1);
tvb_memcpy(tvb, tmp, ofs +2, len -2);
tmp[len -2] = 0;
tmp = tvb_get_string(tvb, ofs +2, len -2);
ti = proto_tree_add_text(adr_tree, tvb, ofs, len, "%s: %s",
(type==4)?"dns":"ssh tunnel", tmp);
g_free(tmp);


@ -6,7 +6,7 @@
* Magnus Hansson <mah@hms.se>
* Joakim Wiberg <jow@hms.se>
*
* $Id: packet-enip.c,v 1.9 2004/02/04 20:34:53 guy Exp $
* $Id: packet-enip.c,v 1.10 2004/02/25 09:31:05 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -661,10 +661,11 @@ static const value_string enip_class_names_vals[] = {
static proto_item*
add_byte_array_text_to_proto_tree( proto_tree *tree, tvbuff_t *tvb, gint start, gint length, const char* str )
{
char *tmp, *tmp2, *tmp2start;
proto_item* pi;
int i,tmp_length;
guint32 octet;
const char *tmp;
char *tmp2, *tmp2start;
proto_item *pi;
int i,tmp_length,tmp2_length;
guint32 octet;
/* At least one version of Apple's C compiler/linker is buggy, causing
a complaint from the linker about the "literal C string section"
not ending with '\0' if we initialize a 16-element "char" array with
@ -676,22 +677,21 @@ add_byte_array_text_to_proto_tree( proto_tree *tree, tvbuff_t *tvb, gint start,
'8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
if( ( length * 2 ) > 32 )
{
tmp2 = (char*)g_malloc( 36 );
tmp_length = 16;
tmp2_length = 36;
}
else
{
tmp2 = (char*)g_malloc( ( length * 2 ) + 1 );
tmp_length = length;
tmp2_length = ( length * 2 ) + 1;
}
tmp2start = tmp2;
tmp = tvb_get_ptr( tvb, start, tmp_length );
tmp2 = (char*)g_malloc( tmp2_length );
tmp = (char*)g_malloc( tmp_length );
tvb_memcpy( tvb, tmp, start, tmp_length );
tmp2start = tmp2;
for( i = 0; i < tmp_length; i++ )
{
@ -713,7 +713,6 @@ add_byte_array_text_to_proto_tree( proto_tree *tree, tvbuff_t *tvb, gint start,
pi = proto_tree_add_text( tree, tvb, start, length, "%s%s", str, tmp2start );
g_free( tmp );
g_free( tmp2start );
return( pi );
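Review bot: add_byte_array_text_to_proto_tree takes `length` as a signed `gint`, and nothing visible rejects a negative value before the sizes are derived from it. With length == -1 the else branch sets both `tmp_length` and `tmp2_length` to -1; as far as I know tvb_get_ptr() treats -1 as "to the end of the tvbuff" rather than throwing, so the next call is `g_malloc( tmp2_length )` with a size that converts to a huge unsigned value. If any caller passes a length taken from the packet, a guard ahead of the `if( ( length * 2 ) > 32 )` test, such as `if( length < 0 ) length = 0;`, would keep that out of the allocator. Part of the function lies between the hunks and is not shown.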


@ -4,7 +4,7 @@
* Copyright 2001, Michal Melerowicz <michal.melerowicz@nokia.com>
* Nicolas Balkota <balkota@mac.com>
*
* $Id: packet-gtp.c,v 1.71 2004/01/06 02:38:03 guy Exp $
* $Id: packet-gtp.c,v 1.72 2004/02/25 09:31:05 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -3303,10 +3303,10 @@ decode_apn(tvbuff_t *tvb, int offset, guint16 length, proto_tree *tree) {
guint8 name_len, tmp;
if (length > 0) {
apn = g_malloc (length + 1);
name_len = tvb_get_guint8 (tvb, offset);
if (name_len < 0x20) {
apn = tvb_get_string(tvb, offset + 1, length);
tvb_memcpy (tvb, apn, offset + 1, length);
for (;;) {
if (name_len >= length - 1) break;
@ -3314,11 +3314,9 @@ decode_apn(tvbuff_t *tvb, int offset, guint16 length, proto_tree *tree) {
name_len = name_len + apn[tmp] + 1;
apn[tmp] = '.';
}
} else {
tvb_memcpy (tvb, apn, offset, length);
}
} else
apn = tvb_get_string(tvb, offset, length);
apn[length-1] = '\0';
proto_tree_add_string (tree, hf_gtp_apn, tvb, offset, length, apn);
g_free(apn);
}
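Review bot: The label-rewriting loop in decode_apn can spin forever, because `name_len` and `tmp` are declared `guint8` while `length` is a `guint16`: once `length - 1` exceeds 255 the exit test `name_len >= length - 1` can never become true, and `name_len + apn[tmp] + 1` just wraps modulo 256. An APN element longer than 256 bytes is enough to hang the dissector, and the commit leaves this as it was. Declaring `guint name_len, tmp;` and reading the label length as `name_len = name_len + (guint8)apn[tmp] + 1;` makes every iteration advance and also avoids a negative step when `char` is signed. Note also that `tvb_get_string(tvb, offset + 1, length)` requires one byte beyond the `length`-byte field that starts at `offset`, so a valid APN at the very end of a packet would throw; `length - 1` looks like the intended count. The start of the function is outside the hunk.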


@ -1,7 +1,7 @@
/* packet-icmpv6.c
* Routines for ICMPv6 packet disassembly
*
* $Id: packet-icmpv6.c,v 1.76 2004/01/29 03:59:03 guy Exp $
* $Id: packet-icmpv6.c,v 1.77 2004/02/25 09:31:06 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -217,16 +217,19 @@ again:
case ND_OPT_SOURCE_LINKADDR:
case ND_OPT_TARGET_LINKADDR:
{
char *t;
int len, i, p;
const guint8 *a;
char *t;
p = offset + sizeof(*opt);
len = (opt->nd_opt_len << 3) - sizeof(*opt);
a = tvb_get_ptr(tvb, p, len);
t = g_malloc(len * 3);
memset(t, 0, len * 3);
p = offset + sizeof(*opt);
for (i = 0; i < len; i++) {
if (i)
t[i * 3 - 1] = ':';
sprintf(&t[i * 3], "%02x", tvb_get_guint8(tvb, p + i) & 0xff);
sprintf(&t[i * 3], "%02x", a[i]);
}
proto_tree_add_text(icmp6opt_tree, tvb,
offset + sizeof(*opt), len, "Link-layer address: %s", t);
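Review bot: Nothing in this hunk rejects an option whose `nd_opt_len` is 0, which makes `len = (opt->nd_opt_len << 3) - sizeof(*opt)` negative before it reaches `tvb_get_ptr(tvb, p, len)` and `g_malloc(len * 3)`. The code now appears to rely on tvb_get_ptr() throwing for that value, or on a check above the hunk that is not visible here; an explicit test on `len` right after it is computed, with a comment, would make the assumption reviewable. The `len * 3` buffer is exactly large enough for the last `sprintf(&t[i * 3], "%02x", a[i])` including its terminator, so any later change to the format string needs the size revisited. Whether `t` is freed is outside the hunk.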


@ -3,7 +3,7 @@
* Copyright 2000, Axis Communications AB
* Inquiries/bugreports should be sent to Johan.Jorgensen@axis.com
*
* $Id: packet-ieee80211.c,v 1.105 2004/02/18 07:56:42 guy Exp $
* $Id: packet-ieee80211.c,v 1.106 2004/02/25 09:31:06 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -2626,6 +2626,7 @@ proto_reg_handoff_ieee80211(void)
}
static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len) {
const guint8 *enc_data;
guint8 *tmp = NULL;
int i;
tvbuff_t *decr_tvb = NULL;
@ -2633,6 +2634,8 @@ static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len) {
if (num_wepkeys < 1)
return NULL;
enc_data = tvb_get_ptr(tvb, offset, len);
if ((tmp = g_malloc(len)) == NULL)
return NULL; /* krap! */
@ -2642,7 +2645,7 @@ static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len) {
#if 0
printf("trying %d\n", i);
#endif
tvb_memcpy(tvb, tmp, offset, len);
memcpy(tmp, enc_data, len);
if (wep_decrypt(tmp, len, i) == 0) {
/* decrypt successful, let's set up a new data tvb. */
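Review bot: The `if ((tmp = g_malloc(len)) == NULL) return NULL;` test in try_decrypt_wep does not catch allocation failure, since g_malloc() aborts the program when it cannot allocate and returns NULL only for a zero-byte request. With `len` coming from the frame being dissected, the graceful path the code seems to want needs the non-aborting allocator where the GLib in use provides it, e.g. `if ((tmp = g_try_malloc(len)) == NULL)`. If only the `len == 0` case is meant, a comment saying so would replace the current `/* krap! */`. The function continues past the end of the hunk.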


@ -2,7 +2,7 @@
* Routines for nfs dissection
* Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
* Copyright 2000-2002, Mike Frisch <frisch@hummingbird.com> (NFSv4 decoding)
* $Id: packet-nfs.c,v 1.95 2004/02/11 04:34:38 guy Exp $
* $Id: packet-nfs.c,v 1.96 2004/02/25 09:31:06 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -678,8 +678,7 @@ nfs_name_snoop_add_name(int xid, tvbuff_t *tvb, int name_offset, int name_len, i
if(parent_len){
nns->parent_len=parent_len;
nns->parent=g_malloc(parent_len);
memcpy(nns->parent, tvb_get_ptr(tvb, parent_offset, parent_len), parent_len);
nns->parent=tvb_memdup(tvb, parent_offset, parent_len);
} else {
nns->parent_len=0;
nns->parent=NULL;
@ -739,8 +738,7 @@ nfs_name_snoop_add_fh(int xid, tvbuff_t *tvb, int fh_offset, int fh_length)
}
/* oki, we have a new entry */
fh=g_malloc(fh_length);
memcpy(fh, tvb_get_ptr(tvb, fh_offset, fh_length), fh_length);
fh=tvb_memdup(tvb, fh_offset, fh_length);
nns->fh=fh;
nns->fh_length=fh_length;
@ -6022,6 +6020,7 @@ dissect_nfs_attributes(tvbuff_t *tvb, int offset, packet_info *pinfo,
int attr_vals_offset;
bitmap_len = tvb_get_ntohl(tvb, offset);
tvb_ensure_bytes_exist(tvb, offset, 4 + bitmap_len * 4);
fitem = proto_tree_add_text(tree, tvb, offset, 4 + bitmap_len * 4,
"%s", "attrmask");
offset += 4;
@ -6039,12 +6038,6 @@ dissect_nfs_attributes(tvbuff_t *tvb, int offset, packet_info *pinfo,
for (i = 0; i < bitmap_len; i++)
{
if (!tvb_bytes_exist(tvb, offset, 4))
{
g_free(bitmap);
return offset;
}
bitmap[i] = tvb_get_ntohl(tvb, offset);
sl = 0x00000001;
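Review bot: The new `tvb_ensure_bytes_exist(tvb, offset, 4 + bitmap_len * 4)` in dissect_nfs_attributes multiplies a 32-bit count read straight from the packet, so a large `bitmap_len` can wrap the product to a small or negative length. That matters more now that the per-iteration `tvb_bytes_exist()` check and its `g_free(bitmap)` have been removed: the up-front check is the only thing standing between the loop and an exception that leaks `bitmap`. I would compare `bitmap_len` against a sane upper bound (a named constant, to be chosen by the maintainers) before the multiplication, and use the same bounded value wherever `bitmap` is allocated; that allocation and the declaration of `bitmap_len` are outside the hunks shown.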


@ -1,7 +1,7 @@
/* packet-nlm.c
* Routines for nlm dissection
*
* $Id: packet-nlm.c,v 1.35 2003/08/17 21:34:22 sahlberg Exp $
* $Id: packet-nlm.c,v 1.36 2004/02/25 09:31:06 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -296,7 +296,6 @@ nlm_register_unmatched_msg(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
nlm_msg_res_unmatched_data *umd;
nlm_msg_res_unmatched_data *old_umd;
char *cookie;
/* allocate and build the unmatched structure for this request */
umd=g_malloc(sizeof(nlm_msg_res_unmatched_data));
@ -304,9 +303,7 @@ nlm_register_unmatched_msg(packet_info *pinfo, tvbuff_t *tvb, int offset)
umd->ns.secs=pinfo->fd->abs_secs;
umd->ns.nsecs=pinfo->fd->abs_usecs*1000;
umd->cookie_len=tvb_get_ntohl(tvb, offset);
cookie=g_malloc(umd->cookie_len);
tvb_memcpy(tvb, (guint8 *)cookie, offset+4, umd->cookie_len);
umd->cookie=cookie;
umd->cookie=tvb_memdup(tvb, offset+4, umd->cookie_len);
/* remove any old duplicates */
old_umd=g_hash_table_lookup(nlm_msg_res_unmatched, (gconstpointer)umd);
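Review bot: In nlm_register_unmatched_msg the structure `umd` is allocated with g_malloc() before `tvb_get_ntohl(tvb, offset)` and `tvb_memdup(tvb, offset+4, umd->cookie_len)`, so a truncated packet that makes either call throw still leaks `umd`. This is the same leak pattern the commit removes for the cookie buffer itself. Reading the length into a local and calling `tvb_ensure_bytes_exist(tvb, offset+4, cookie_len);` ahead of the `umd=g_malloc(...)` line would close it. The lines between the two hunks are not shown, so any other throwing call there needs the same treatment.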


@ -3,7 +3,7 @@
* Devin Heitmueller <dheitmueller@netilla.com>
* Copyright 2003, Tim Potter <tpot@samba.org>
*
* $Id: packet-ntlmssp.c,v 1.46 2004/01/19 20:10:36 jmayer Exp $
* $Id: packet-ntlmssp.c,v 1.47 2004/02/25 09:31:06 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -1268,11 +1268,10 @@ dissect_ntlmssp_encrypted_payload(tvbuff_t *tvb, int offset,
/* Store the decrypted contents in the packet state struct
(of course at this point, they aren't decrypted yet) */
packet_ntlmssp_info->decrypted_payload = g_malloc (encrypted_block_length);
packet_ntlmssp_info->decrypted_payload = tvb_memdup(tvb, offset,
encrypted_block_length);
decrypted_payloads = g_slist_prepend(decrypted_payloads,
packet_ntlmssp_info->decrypted_payload);
tvb_memcpy(tvb, packet_ntlmssp_info->decrypted_payload,
offset, encrypted_block_length);
/* Do the decryption of the payload */
crypt_rc4(rc4_state, packet_ntlmssp_info->decrypted_payload,


@ -2,7 +2,7 @@
* Routines for rpc dissection
* Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
*
* $Id: packet-rpc.c,v 1.140 2003/12/28 12:43:38 ulfl Exp $
* $Id: packet-rpc.c,v 1.141 2004/02/25 09:31:06 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -526,6 +526,7 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
gboolean string_data, char **string_buffer_ret,
dissect_function_t *dissect_it)
{
int data_offset;
proto_item *string_item = NULL;
proto_tree *string_tree = NULL;
@ -548,14 +549,14 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
if (fixed_length) {
string_length = length;
string_length_captured = tvb_length_remaining(tvb, offset);
string_length_packet = tvb_reported_length_remaining(tvb, offset);
data_offset = offset;
}
else {
string_length = tvb_get_ntohl(tvb,offset+0);
string_length_captured = tvb_length_remaining(tvb, offset + 4);
string_length_packet = tvb_reported_length_remaining(tvb, offset + 4);
data_offset = offset + 4;
}
string_length_captured = tvb_length_remaining(tvb, data_offset);
string_length_packet = tvb_reported_length_remaining(tvb, data_offset);
string_length_full = rpc_roundup(string_length);
if (string_length_captured < string_length) {
/* truncated string */
@ -572,18 +573,10 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
/* full string data */
string_length_copy = string_length;
fill_length = string_length_full - string_length;
if (fixed_length) {
fill_length_captured = tvb_length_remaining(tvb,
offset + string_length);
fill_length_packet = tvb_reported_length_remaining(tvb,
offset + string_length);
}
else {
fill_length_captured = tvb_length_remaining(tvb,
offset + 4 + string_length);
fill_length_packet = tvb_reported_length_remaining(tvb,
offset + 4 + string_length);
}
fill_length_captured = tvb_length_remaining(tvb,
data_offset + string_length);
fill_length_packet = tvb_reported_length_remaining(tvb,
data_offset + string_length);
if (fill_length_captured < fill_length) {
/* truncated fill bytes */
fill_length_copy = fill_length_packet;
@ -608,22 +601,20 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
if (dissect_it) {
tvbuff_t *opaque_tvb;
opaque_tvb = tvb_new_subset(tvb, offset,
(fixed_length?offset:(offset + 4)), string_length_copy);
opaque_tvb = tvb_new_subset(tvb, data_offset, string_length_copy,
string_length);
return (*dissect_it)(opaque_tvb, offset, pinfo, tree);
}
string_buffer = (char*)g_malloc(string_length_copy +
(string_data ? 1 : 0));
if (fixed_length)
tvb_memcpy(tvb,string_buffer, offset, string_length_copy);
else
tvb_memcpy(tvb,string_buffer,offset+4,string_length_copy);
if (string_data)
string_buffer[string_length_copy] = '\0';
if (string_data) {
string_buffer = tvb_get_string(tvb, data_offset,
string_length_copy);
} else {
string_buffer = tvb_memdup(tvb, data_offset,
string_length_copy);
}
/* calculate a nice printable string */
if (string_length) {
if (string_length != string_length_copy) {
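Review bot: The callback invocation `(*dissect_it)(opaque_tvb, offset, pinfo, tree)` still passes the parent-relative `offset`, although `opaque_tvb` is now a subset that begins at `data_offset`, so its own data starts at index 0. A callback that uses the argument to index `opaque_tvb` would read at the wrong place or run into a bounds exception; the callbacks themselves are not visible here, so this may be harmless if they only hand the value back. Either pass 0 or add a comment at the call such as `/* offset is in the parent tvb; the callee must not use it to index opaque_tvb */`. The function starts before and continues after the hunks shown.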


@ -1,6 +1,6 @@
/* packet-rtcp.c
*
* $Id: packet-rtcp.c,v 1.39 2004/02/14 22:48:52 guy Exp $
* $Id: packet-rtcp.c,v 1.40 2004/02/25 09:31:06 guy Exp $
*
* Routines for RTCP dissection
* RTCP = Real-time Transport Control Protocol
@ -369,7 +369,6 @@ dissect_rtcp_bye( tvbuff_t *tvb, int offset, proto_tree *tree,
{
unsigned int chunk = 1;
unsigned int reason_length = 0;
unsigned int counter = 0;
char* reason_text = NULL;
while ( chunk <= count ) {
@ -385,10 +384,7 @@ dissect_rtcp_bye( tvbuff_t *tvb, int offset, proto_tree *tree,
proto_tree_add_item( tree, hf_rtcp_ssrc_length, tvb, offset, 1, FALSE );
offset++;
reason_text = g_malloc( reason_length + 1 );
for ( counter = 0; counter < reason_length; counter++ ) reason_text[ counter ] = tvb_get_guint8( tvb, offset + counter );
/* strncpy( reason_text, pd + offset, reason_length ); */
reason_text[ reason_length ] = '\0';
reason_text = tvb_get_string(tvb, offset, reason_length);
proto_tree_add_string( tree, hf_rtcp_ssrc_text, tvb, offset, reason_length, reason_text );
g_free( reason_text );
offset += reason_length;


@ -2,7 +2,7 @@
* Routines for Telnet packet dissection; see RFC 854 and RFC 855
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
* $Id: packet-telnet.c,v 1.44 2004/02/03 18:41:19 guy Exp $
* $Id: packet-telnet.c,v 1.45 2004/02/25 09:31:07 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -707,11 +707,11 @@ unescape_and_tvbuffify_telnet_option(packet_info *pinfo, tvbuff_t *tvb, int offs
if(len>=MAX_KRB5_BLOB_LEN)
return NULL;
spos=tvb_get_ptr(tvb, offset, len);
/* XXX we never g_free() this one. This is done automagically
when the parent tvb is destroyed?
*/
buf=g_malloc(len);
spos=tvb_get_ptr(tvb, offset, len);
dpos=buf;
skip=0;
l=len;
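Review bot: The `/* XXX we never g_free() this one. */` comment above `buf=g_malloc(len)` in unescape_and_tvbuffify_telnet_option is carried over unchanged, so every option that reaches this point still appears to leak up to MAX_KRB5_BLOB_LEN bytes. Moving tvb_get_ptr() first fixes the leak on a short packet but not the one on success. If the code after the hunk wraps `buf` in a new tvbuff, registering the buffer's release there, for instance with `tvb_set_free_cb(krb5_tvb, g_free);` where `krb5_tvb` stands for whatever that tvbuff is called, would settle the question the comment asks. The rest of the function is outside the hunk.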


@ -1,7 +1,7 @@
/* packet-vj.c
* Routines for Van Jacobson header decompression.
*
* $Id: packet-vj.c,v 1.17 2003/08/26 05:52:53 guy Exp $
* $Id: packet-vj.c,v 1.18 2004/02/25 09:31:07 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -309,8 +309,7 @@ dissect_vjuc(tvbuff_t *tvb, packet_info *pinfo, proto_tree * tree)
* Copy packet data to a buffer, and replace the connection index with
* the protocol type (which is always TCP), to give the actual IP header.
*/
buffer = g_malloc(isize);
tvb_memcpy(tvb, buffer, 0, isize);
buffer = tvb_memdup(tvb, 0, isize);
buffer[IP_FIELD_PROTOCOL] = IP_PROTO_TCP;
/* Check IP checksum */
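Review bot: The write `buffer[IP_FIELD_PROTOCOL] = IP_PROTO_TCP;` in dissect_vjuc follows `tvb_memdup(tvb, 0, isize)` without any visible check that `isize` is larger than `IP_FIELD_PROTOCOL`. How `isize` is derived is outside the hunk; if it is simply the captured length, a very short frame gives a heap write past the end of the copy, or a write through NULL when `isize` is 0. Unless an earlier test already guarantees a full IP header, a guard such as `if (isize <= IP_FIELD_PROTOCOL) return;` ahead of the copy would make the invariant explicit; the right way to bail out depends on code not shown here.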


@ -2,7 +2,7 @@
*
* Routines to dissect WSP component of WAP traffic.
*
* $Id: packet-wsp.c,v 1.108 2004/02/04 20:19:25 obiot Exp $
* $Id: packet-wsp.c,v 1.109 2004/02/25 09:31:07 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -5645,10 +5645,7 @@ add_post_variable (proto_tree *tree, tvbuff_t *tvb, guint variableStart, guint v
char *variableBuffer;
char *valueBuffer;
variableBuffer = g_malloc (variableLength+1);
strncpy (variableBuffer, (const char *)tvb_get_ptr (tvb,
variableStart, variableLength), variableLength);
variableBuffer[variableLength] = 0;
variableBuffer = tvb_get_string(tvb, variableStart, variableLength);
if (valueEnd < valueStart)
{
@ -5659,10 +5656,9 @@ add_post_variable (proto_tree *tree, tvbuff_t *tvb, guint variableStart, guint v
else
{
valueLength = valueEnd-valueStart;
valueBuffer = g_malloc (valueLength+1);
strncpy (valueBuffer, (const char *)tvb_get_ptr (tvb,
valueStart, valueLength), valueLength);
valueBuffer[valueLength] = 0;
/* XXX - if this throws an exception, "variableBuffer"
is leaked */
valueBuffer = tvb_get_string(tvb, valueStart, valueLength);
}
/* Check for variables with no value */
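Review bot: The new comment in add_post_variable records that `variableBuffer` is leaked if the second tvb_get_string() throws, but the leak is left in place. It can be avoided with the commit's own technique: before the first allocation, check the value range when it is valid, e.g. `if (valueEnd >= valueStart) tvb_ensure_bytes_exist(tvb, valueStart, valueEnd-valueStart);`. After that neither tvb_get_string() call can throw once `variableBuffer` exists, provided the variable range is fetched first as it is now, and the XXX comment can go. The branch for `valueEnd < valueStart` and the frees are outside the hunks.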


@ -3,7 +3,7 @@
* Copyright 2000, Christophe Tronche <ch.tronche@computer.org>
* Copyright 2003, Michael Shuldman
*
* $Id: packet-x11.c,v 1.53 2004/01/18 16:18:30 jmayer Exp $
* $Id: packet-x11.c,v 1.54 2004/02/25 09:31:07 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -1702,13 +1702,15 @@ static void listOfKeycode(tvbuff_t *tvb, int *offsetp, proto_tree *t, int hf,
for (m = 0; m < array_length(modifiers);
++m, *offsetp += keycodes_per_modifier) {
const guint8 *p;
char *bp = buffer;
int i;
p = tvb_get_ptr(tvb, *offsetp, keycodes_per_modifier);
modifiermap[m] = g_malloc(keycodes_per_modifier);
for(i = 0; i < keycodes_per_modifier; ++i) {
guchar c = tvb_get_guint8(tvb, *offsetp + i);
guchar c = p[i];
if (c)
bp += sprintf(bp, " %s=%d", modifiers[m], c);
@ -1717,9 +1719,8 @@ static void listOfKeycode(tvbuff_t *tvb, int *offsetp, proto_tree *t, int hf,
}
proto_tree_add_bytes_format(tt, hf_x11_keycodes_item, tvb,
*offsetp, keycodes_per_modifier,
tvb_get_ptr(tvb, *offsetp, keycodes_per_modifier),
"item: %s", buffer);
*offsetp, keycodes_per_modifier, p,
"item: %s", buffer);
}
}
@ -2317,22 +2318,14 @@ static void setOfPointerEvent(tvbuff_t *tvb, int *offsetp, proto_tree *t,
static void string8(tvbuff_t *tvb, int *offsetp, proto_tree *t,
int hf, unsigned length)
{
char *s = g_malloc(length + 1);
const guint8 *p;
char *s;
/*
* In case we throw an exception, clean up whatever stuff we've
* allocated (if any).
*/
CLEANUP_PUSH(g_free, s);
stringCopy(s, tvb_get_ptr(tvb, *offsetp, length), length);
p = tvb_get_ptr(tvb, *offsetp, length);
s = g_malloc(length + 1);
stringCopy(s, p, length);
proto_tree_add_string(t, hf, tvb, *offsetp, length, s);
/*
* Call the cleanup handler to free the string and pop the handler.
*/
CLEANUP_CALL_AND_POP;
g_free(s);
*offsetp += length;
}
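Review bot: The loop in listOfKeycode appends to `buffer` with `bp += sprintf(bp, " %s=%d", modifiers[m], c);` once per non-zero keycode and has no bound on how far `bp` may advance. `buffer` is declared outside the hunk, but `keycodes_per_modifier` comes from the message, and each append adds the modifier name plus up to four more characters, so a large count can run off the end of a fixed-size array. Tracking the remaining space and using a bounded formatter, e.g. `bp += g_snprintf(bp, remaining, " %s=%d", modifiers[m], c);` with `remaining` reduced after each call and the loop stopping when it is exhausted, would contain it. In string8, `g_malloc(length + 1)` with an `unsigned length` deserves the same look for the wrap at the maximum value.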


@ -2,7 +2,7 @@
* Routines for XDMCP message dissection
* Copyright 2002, Pasi Eronen <pasi.eronen@nixu.com>
*
* $Id: packet-xdmcp.c,v 1.4 2003/12/21 05:51:34 jmayer Exp $
* $Id: packet-xdmcp.c,v 1.5 2004/02/25 09:31:07 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -111,12 +111,14 @@ static void stringCopy(char *dest, const char *source, int length)
static gint xdmcp_add_string(proto_tree *tree, gint hf,
tvbuff_t *tvb, gint offset)
{
const guint8 *p;
char *str;
guint len;
len = tvb_get_ntohs(tvb, offset);
p = tvb_get_ptr(tvb, offset+2, len);
str = g_malloc(len+1);
stringCopy(str, tvb_get_ptr(tvb, offset+2, len), len);
stringCopy(str, p, len);
proto_tree_add_string(tree, hf, tvb, offset, len+2, str);
g_free(str);
@ -126,12 +128,14 @@ static gint xdmcp_add_string(proto_tree *tree, gint hf,
static gint xdmcp_add_text(proto_tree *tree, const char *text,
tvbuff_t *tvb, gint offset)
{
const guint8 *p;
char *str;
guint len;
len = tvb_get_ntohs(tvb, offset);
p = tvb_get_ptr(tvb, offset+2, len);
str = g_malloc(len+1);
stringCopy(str, tvb_get_ptr(tvb, offset+2, len), len);
stringCopy(str, p, len);
proto_tree_add_text(tree, tvb, offset, len+2, "%s: %s", text, str);
g_free(str);