From 8f0985b19a40cae20e9486070a30f265fdac259c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Valverde?= Date: Wed, 19 Oct 2022 15:08:19 +0100 Subject: [PATCH] SMB: Fix string truncation As far as I can tell, get_unicode_or_ascii_string() always nul-terminates string (as it should), so remove g_strlcpy() copy that can truncate string and produce invalid UTF-8. --- epan/dissectors/packet-smb.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index ec97a57eab..80dc8790c5 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -5875,7 +5875,6 @@ dissect_search_resume_key(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree; int fn_len; const char *fn; - char fname[11+1]; DISSECTOR_ASSERT(si); @@ -5892,10 +5891,7 @@ dissect_search_resume_key(tvbuff_t *tvb, packet_info *pinfo _U_, fn = get_unicode_or_ascii_string(tvb, &offset, FALSE/*never Unicode*/, &fn_len, TRUE, TRUE, bcp); CHECK_STRING_SUBR(fn); - /* ensure that it's null-terminated */ - (void) g_strlcpy(fname, fn, 11+1); - proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, 11, - fname); + proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, 11, fn); COUNT_BYTES_SUBR(fn_len); if (has_find_id) { @@ -5931,7 +5927,6 @@ dissect_search_dir_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree; int fn_len; const char *fn; - char fname[13+1]; DISSECTOR_ASSERT(si); @@ -5970,10 +5965,7 @@ dissect_search_dir_info(tvbuff_t *tvb, packet_info *pinfo, fn = get_unicode_or_ascii_string(tvb, &offset, FALSE/*Never Unicode*/, &fn_len, TRUE, TRUE, bcp); CHECK_STRING_SUBR(fn); - /* ensure that it's null-terminated */ - (void) g_strlcpy(fname, fn, 13+1); - proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len, - fname); + proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len, fn); COUNT_BYTES_SUBR(fn_len); *trunc = FALSE;