Fix a format string vulnerability in the AFP dissector identified
by iDEFENSE. Add constant format strings to proto_item_append_text() in a bunch of other dissectors. Copy a comment from proto.c to proto.h. svn path=/trunk/; revision=14713
parent
c3cfe365cf
commit
3a6c9ab134
|
@ -1723,7 +1723,7 @@ get_name(tvbuff_t *tvb, int offset, int type)
|
|||
string = tvb_format_text(tvb,offset, len);
|
||||
break;
|
||||
default:
|
||||
string = "unknow type";
|
||||
string = "Unknown type";
|
||||
break;
|
||||
}
|
||||
return string;
|
||||
|
@ -1902,7 +1902,7 @@ dissect_reply_afp_get_server_param(tvbuff_t *tvb, packet_info *pinfo _U_, proto_
|
|||
|
||||
len = tvb_get_guint8(tvb, offset) +1;
|
||||
rep = get_name(tvb, offset, 2);
|
||||
proto_item_set_text(item, rep);
|
||||
proto_item_set_text(item, "%s", rep);
|
||||
proto_item_set_len(item, len +1);
|
||||
|
||||
proto_tree_add_item(tree, hf_afp_vol_name, tvb, offset, 1,FALSE);
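Review bot: Nothing in this change stops the next non-literal format argument from slipping in; the fix at `proto_item_set_text(item, "%s", rep);` and the same one-line fix in the other hunks of this commit were all found by hand. If the prototypes of proto_item_set_text() and proto_item_append_text() in epan/proto.h do not already carry a printf format attribute (they are outside the visible hunks), adding `G_GNUC_PRINTF(2, 3)` to both lets the compiler check every call site. Building with `-Wformat-security` would then flag any call that passes a variable as the format with no further arguments. The body of dissect_reply_afp_get_server_param continues outside the hunk.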
|
||||
|
|
|
@ -1716,7 +1716,7 @@ dissect_ansi_637_trans_param(tvbuff_t *tvb, proto_tree *tree, guint32 *offset)
|
|||
|
||||
if (ansi_637_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, ansi_637_add_string);
|
||||
proto_item_append_text(item, "%s", ansi_637_add_string);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1992,7 +1992,7 @@ elem_cell_id_list(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gc
|
|||
|
||||
if (add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, add_string);
|
||||
proto_item_append_text(item, "%s", add_string);
|
||||
}
|
||||
|
||||
proto_item_set_len(item, consumed);
|
||||
|
@ -2189,7 +2189,7 @@ elem_downlink_re(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gch
|
|||
|
||||
if (add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, add_string);
|
||||
proto_item_append_text(item, "%s", add_string);
|
||||
}
|
||||
|
||||
proto_item_set_len(item, consumed);
|
||||
|
@ -2337,7 +2337,7 @@ elem_ho_pow_lev(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gcha
|
|||
|
||||
if (add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, add_string);
|
||||
proto_item_append_text(item, "%s", add_string);
|
||||
}
|
||||
|
||||
proto_item_set_len(item, consumed);
|
||||
|
@ -2380,7 +2380,7 @@ elem_ho_pow_lev(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gcha
|
|||
|
||||
if (add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, add_string);
|
||||
proto_item_append_text(item, "%s", add_string);
|
||||
}
|
||||
|
||||
proto_item_set_len(item, consumed);
|
||||
|
@ -6055,7 +6055,7 @@ elem_tlv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, guint
|
|||
|
||||
if (a_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, a_add_string);
|
||||
proto_item_append_text(item, "%s", a_add_string);
|
||||
a_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
@ -6117,7 +6117,7 @@ elem_tv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, gchar *
|
|||
|
||||
if (a_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, a_add_string);
|
||||
proto_item_append_text(item, "%s", a_add_string);
|
||||
a_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
@ -6210,7 +6210,7 @@ elem_lv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, guint l
|
|||
|
||||
if (a_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, a_add_string);
|
||||
proto_item_append_text(item, "%s", a_add_string);
|
||||
a_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
|
|
@ -12811,7 +12811,7 @@ dissect_ansi_param(ASN1_SCK *asn1, proto_tree *tree)
|
|||
|
||||
if (ansi_map_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, ansi_map_add_string);
|
||||
proto_item_append_text(item, "%s", ansi_map_add_string);
|
||||
ansi_map_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
@ -12869,7 +12869,7 @@ dissect_ansi_params(ASN1_SCK *asn1, proto_tree *tree)
|
|||
|
||||
if (ansi_map_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, ansi_map_add_string);
|
||||
proto_item_append_text(item, "%s", ansi_map_add_string);
|
||||
ansi_map_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1704,7 +1704,7 @@ dissect_spoolss_relstrarray(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|||
|
||||
relstr_len = relstr_end - relstr_start;
|
||||
|
||||
proto_item_append_text(item, text);
|
||||
proto_item_append_text(item, "%s", text);
|
||||
|
||||
if (data)
|
||||
*data = text;
|
||||
|
@ -6325,7 +6325,7 @@ dissect_spoolss_printer_enum_values(tvbuff_t *tvb, int offset,
|
|||
|
||||
subtree = proto_item_add_subtree(item, ett_printer_enumdataex_value);
|
||||
|
||||
proto_item_append_text(item, name);
|
||||
proto_item_append_text(item, "%s", name);
|
||||
|
||||
proto_tree_add_text(
|
||||
subtree, tvb, offset - 8, 4, "Name offset: %d", name_offset);
|
||||
|
|
|
@ -2208,7 +2208,7 @@ be_cell_id_list(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gcha
|
|||
|
||||
if (add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, add_string);
|
||||
proto_item_append_text(item, "%s", add_string);
|
||||
}
|
||||
|
||||
proto_item_set_len(item, consumed);
|
||||
|
@ -11356,7 +11356,7 @@ elem_tlv(tvbuff_t *tvb, proto_tree *tree, guint8 iei, gint pdu_type, int idx, gu
|
|||
|
||||
if (a_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, a_add_string);
|
||||
proto_item_append_text(item, "%s", a_add_string);
|
||||
a_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
@ -11425,7 +11425,7 @@ elem_tv(tvbuff_t *tvb, proto_tree *tree, guint8 iei, gint pdu_type, int idx, gui
|
|||
|
||||
if (a_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, a_add_string);
|
||||
proto_item_append_text(item, "%s", a_add_string);
|
||||
a_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
@ -11498,7 +11498,7 @@ elem_tv_short(tvbuff_t *tvb, proto_tree *tree, guint8 iei, gint pdu_type, int id
|
|||
|
||||
if (a_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, a_add_string);
|
||||
proto_item_append_text(item, "%s", a_add_string);
|
||||
a_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
@ -11598,7 +11598,7 @@ elem_lv(tvbuff_t *tvb, proto_tree *tree, gint pdu_type, int idx, guint32 offset,
|
|||
|
||||
if (a_add_string[0] != '\0')
|
||||
{
|
||||
proto_item_append_text(item, a_add_string);
|
||||
proto_item_append_text(item, "%s", a_add_string);
|
||||
a_add_string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
|
|
@ -320,7 +320,7 @@ append_pduval_str(proto_item *ti, int type, int len, tvbuff_t *tvb, int offset,
|
|||
{
|
||||
if (!first)
|
||||
proto_item_append_text(ti, " ");
|
||||
proto_item_append_text(ti, strval);
|
||||
proto_item_append_text(ti, "%s", strval);
|
||||
}
|
||||
}
|
||||
proto_item_append_text(ti, ")");
|
||||
|
|
|
@ -1142,7 +1142,7 @@ padd_date(ptvcursor_t *ptvc, const ptvc_record *rec)
|
|||
|
||||
uint_to_nwdate(get_item_value(item), &nw_date);
|
||||
|
||||
proto_item_set_text(item, get_item_name(item));
|
||||
proto_item_set_text(item, "%s", get_item_name(item));
|
||||
proto_item_append_text(item, ": %04u/%02u/%02u",
|
||||
nw_date.year, nw_date.month, nw_date.day);
|
||||
return item;
|
||||
|
@ -1162,7 +1162,7 @@ padd_time(ptvcursor_t *ptvc, const ptvc_record *rec)
|
|||
|
||||
uint_to_nwtime(get_item_value(item), &nw_time);
|
||||
|
||||
proto_item_set_text(item, get_item_name(item));
|
||||
proto_item_set_text(item, "%s", get_item_name(item));
|
||||
proto_item_append_text(item, ": %02u:%02u:%02u",
|
||||
nw_time.hour, nw_time.minute, nw_time.second);
|
||||
return item;
|
||||
|
@ -1185,7 +1185,7 @@ padd_uni(ptvcursor_t *ptvc, const ptvc_record *rec)
|
|||
item = ptvcursor_add(ptvc, *rec->hf_ptr,
|
||||
rec->length, rec->endianness);
|
||||
|
||||
proto_item_set_text(item, get_item_name(item));
|
||||
proto_item_set_text(item, "%s", get_item_name(item));
|
||||
proto_item_append_text(item, " %s",
|
||||
nw_uni.buffer);
|
||||
|
||||
|
|
|
@ -1036,7 +1036,7 @@ DEBUG_ENTRY("dissect_per_choice");
|
|||
} else {
|
||||
guint32 new_offset;
|
||||
|
||||
proto_item_set_text(choiceitem, choice[index].name);
|
||||
proto_item_set_text(choiceitem, "%s", choice[index].name);
|
||||
new_offset=choice[index].func(tvb, offset, pinfo, choicetree);
|
||||
|
||||
if((new_offset>(offset+(length*8)))||((new_offset+8)<(offset+length*8))){
|
||||
|
|
|
@ -1237,7 +1237,7 @@ dissect_rsvp_session (proto_tree *ti, tvbuff_t *tvb,
|
|||
proto_tree_add_text(rsvp_object_tree, tvb, offset+2, 1,
|
||||
"Class number: %u - %s",
|
||||
class, type_str);
|
||||
proto_item_set_text(ti, summary_session(tvb, offset));
|
||||
proto_item_set_text(ti, "%s", summary_session(tvb, offset));
|
||||
|
||||
switch(type) {
|
||||
case RSVP_SESSION_TYPE_IPV4:
|
||||
|
@ -1866,7 +1866,7 @@ dissect_rsvp_template_filter (proto_tree *ti, tvbuff_t *tvb,
|
|||
break;
|
||||
}
|
||||
|
||||
proto_item_set_text(ti, summary_template(tvb, offset));
|
||||
proto_item_set_text(ti, "%s", summary_template(tvb, offset));
|
||||
switch(type) {
|
||||
case 1:
|
||||
proto_tree_add_text(rsvp_object_tree, tvb, offset+3, 1,
|
||||
|
|
|
@ -841,7 +841,7 @@ static const char cont_sep[] = ", ";
|
|||
if(item){ \
|
||||
string = get_manuf_name(mac); \
|
||||
proto_item_append_text(item, " ("); \
|
||||
proto_item_append_text(item, string); \
|
||||
proto_item_append_text(item, "%s", string); \
|
||||
proto_item_append_text(item, ")"); \
|
||||
}
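Review bot: The three consecutive proto_item_append_text() calls in this macro can be a single call, `proto_item_append_text(item, " (%s)", string); \`, which keeps the name returned by get_manuf_name() in the argument list and formats once instead of three times. The same applies in check_iap_octet_result and check_iap_lsap_result further down, where the new `"%s"` call is followed directly by a literal tail that could be folded into one format string with `attr_name` as its argument. The macro's `#define` line is above the hunk, so its name and opening lines are not visible here.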
|
||||
|
||||
|
|
14
epan/proto.h
14
epan/proto.h
|
@ -907,7 +907,19 @@ proto_tree_add_debug_text(proto_tree *tree, const char *format,
|
|||
|
||||
|
||||
|
||||
/** Append a string to a protocol item.
|
||||
/** Append a string to a protocol item.<br>
|
||||
NOTE: this function will break with the TRY_TO_FAKE_THIS_ITEM()
|
||||
speed optimization.
|
||||
Currently only WSP use this function so it is not that bad but try to
|
||||
avoid using this one if possible.
|
||||
IF you must use this function you MUST also disable the
|
||||
TRY_TO_FAKE_THIS_ITEM() optimization for your dissector/function
|
||||
using proto_item_append_string().
|
||||
Do that by faking that the tree is visible by setting :
|
||||
PTREE_DATA(tree)->visible=1; (see packet-wsp.c)
|
||||
BEFORE you create the item you are later going to use
|
||||
proto_item_append_string() on.
|
||||
|
||||
@param pi the item to append the string to
|
||||
@param str the string to append */
|
||||
extern void
|
||||
|
|
|
@ -949,7 +949,7 @@ gboolean check_iap_octet_result(tvbuff_t* tvb, proto_tree* tree, unsigned offset
|
|||
if (tree)
|
||||
{
|
||||
proto_item* ti = proto_tree_add_item(tree, hf_iap_invaloctet, tvb, offset, 0, FALSE);
|
||||
proto_item_append_text(ti, attr_name);
|
||||
proto_item_append_text(ti, "%s", attr_name);
|
||||
proto_item_append_text(ti, "\" attribute must be octet sequence!");
|
||||
}
|
||||
|
||||
|
@ -975,7 +975,7 @@ guint8 check_iap_lsap_result(tvbuff_t* tvb, proto_tree* tree, unsigned offset,
|
|||
if (tree)
|
||||
{
|
||||
proto_item* ti = proto_tree_add_item(tree, hf_iap_invallsap, tvb, offset, 0, FALSE);
|
||||
proto_item_append_text(ti, attr_name);
|
||||
proto_item_append_text(ti, "%s", attr_name);
|
||||
proto_item_append_text(ti, "\" attribute must be integer value between 0x01 and 0x6F!");
|
||||
}
|
||||
|
||||
|
|
|
@ -334,7 +334,7 @@ pn_append_info(packet_info *pinfo, proto_item *dcp_item, char *text)
|
|||
if (check_col(pinfo->cinfo, COL_INFO))
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, text);
|
||||
|
||||
proto_item_append_text(dcp_item, text);
|
||||
proto_item_append_text(dcp_item, "%s", text);
|
||||
}
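Review bot: `col_append_fstr(pinfo->cinfo, COL_INFO, text);` two lines above the fixed call still passes `text` as the format string, so pn_append_info keeps the same class of bug for the Info column that this commit removes for the tree item. Change it to `col_append_str(pinfo->cinfo, COL_INFO, text);`, or to `col_append_fstr(pinfo->cinfo, COL_INFO, "%s", text);` if the formatting variant is preferred. Whether `text` can ever carry packet-derived bytes depends on the callers, which are outside the hunk, but a constant format makes the function safe regardless of what they pass.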
|
||||
|
||||
|
||||
|
|