RPC: Do not truncate string blindly

The code is mixing character offsets with byte offsets. Do not
blindly truncate a UTF-8 string at an arbitrary length; the result is likely
to be wrong and to generate encoding errors.

Rename some variables for clarity.

Fixes #18399.
João Valverde 2022-10-03 12:43:28 +01:00
parent e091e8755a
commit 241610b13f
1 changed files with 14 additions and 13 deletions


@ -714,7 +714,8 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
/* int string_item_offset; */
char *string_buffer = NULL;
const char *string_buffer_print = NULL;
uint8_t *bytes_buffer;
const char *formatted_text = NULL;
if (fixed_length) {
string_length = length;
@ -780,9 +781,9 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
if (string_data) {
string_buffer = tvb_get_string_enc(wmem_packet_scope(), tvb, data_offset, string_length_copy, ENC_ASCII);
} else {
string_buffer = (char *)tvb_memcpy(tvb, wmem_alloc(wmem_packet_scope(), string_length_copy+1), data_offset, string_length_copy);
bytes_buffer = tvb_memcpy(tvb, wmem_alloc(wmem_packet_scope(), string_length_copy), data_offset, string_length_copy);
}
string_buffer[string_length_copy] = '\0';
/* calculate a nice printable string */
if (string_length) {
if (string_length != string_length_copy) {
@ -791,25 +792,25 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
formatted = format_text(wmem_packet_scope(), string_buffer, strlen(string_buffer));
/* copy over the data and append <TRUNCATED> */
string_buffer_print=wmem_strdup_printf(wmem_packet_scope(), "%s%s", formatted, RPC_STRING_TRUNCATED);
formatted_text=wmem_strdup_printf(wmem_packet_scope(), "%s%s", formatted, RPC_STRING_TRUNCATED);
} else {
string_buffer_print=RPC_STRING_DATA RPC_STRING_TRUNCATED;
formatted_text=RPC_STRING_DATA RPC_STRING_TRUNCATED;
}
} else {
if (string_data) {
string_buffer_print = format_text(wmem_packet_scope(), string_buffer, strlen(string_buffer));
formatted_text = format_text(wmem_packet_scope(), string_buffer, strlen(string_buffer));
} else {
string_buffer_print=RPC_STRING_DATA;
formatted_text=RPC_STRING_DATA;
}
}
} else {
string_buffer_print=RPC_STRING_EMPTY;
formatted_text=RPC_STRING_EMPTY;
}
/* string_item_offset = offset; */
string_tree = proto_tree_add_subtree_format(tree, tvb,offset, -1,
ett_rpc_string, &string_item, "%s: %s", proto_registrar_get_name(hfindex),
string_buffer_print);
formatted_text);
if (!fixed_length) {
proto_tree_add_uint(string_tree, hf_rpc_opaque_length, tvb,offset, 4, string_length);
@ -821,12 +822,12 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
proto_tree_add_string_format(string_tree,
hfindex, tvb, offset, string_length_copy,
string_buffer,
"contents: %s", string_buffer_print);
"contents: %s", formatted_text);
} else {
proto_tree_add_bytes_format(string_tree,
hfindex, tvb, offset, string_length_copy,
string_buffer,
"contents: %s", string_buffer_print);
bytes_buffer,
"contents: %s", formatted_text);
}
}
@ -847,7 +848,7 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset,
proto_item_set_end(string_item, tvb, offset);
if (string_buffer_ret != NULL)
*string_buffer_ret = string_buffer_print;
*string_buffer_ret = formatted_text;
/*
* If the data was truncated, throw the appropriate exception,