osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Fix possible buffer overflow in col_append_sep_fstr() 

After appending separator it might happen that len > max_len, in such case
g_vsnprintf() will overflow the col_buf buffer.

Change-Id: Ic5ff49d30e30509e835165c4cc7e72e31f92fd5f
Reviewed-on: https://code.wireshark.org/review/1493
Reviewed-by: Evan Huus <eapache@gmail.com>
This commit is contained in:
Jakub Zawadzki 2014-05-04 23:06:54 +02:00 committed by Evan Huus
parent f13bbf2707
commit 984e52244f
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
epan/column-utils.c
View File

@ -392,9 +392,11 @@ col_append_sep_fstr(column_info *cinfo, const gint el, const gchar *separator,
len += sep_len;
}
}
va_start(ap, format);
g_vsnprintf(&cinfo->col_buf[i][len], max_len - len, format, ap);
va_end(ap);
if (len < max_len) {
va_start(ap, format);
g_vsnprintf(&cinfo->col_buf[i][len], max_len - len, format, ap);
va_end(ap);
}
}
}
}