From Abhik Sarkar via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2647 :
The syslog dissector could crash if the "packlog" MSU is truncated such that the hex string ends in with a nibble. From me: Check if that will happen and chop off the nibble before giving it to convert_string_to_hex() so we'll dissect as much of the MSU as possible. svn path=/trunk/; revision=25612
This commit is contained in:
parent
72965329b0
commit
9bc8f579a1
|
@ -180,7 +180,7 @@ static dissector_handle_t mtp_handle;
|
||||||
static tvbuff_t *
|
static tvbuff_t *
|
||||||
mtp3_msu_present(gint fac, gint level, const char *msg_str)
|
mtp3_msu_present(gint fac, gint level, const char *msg_str)
|
||||||
{
|
{
|
||||||
size_t nbytes;
|
size_t nbytes, len;
|
||||||
gchar **split_string, *msu_hex_dump;
|
gchar **split_string, *msu_hex_dump;
|
||||||
tvbuff_t *mtp3_tvb = NULL;
|
tvbuff_t *mtp3_tvb = NULL;
|
||||||
guint8 *byte_array;
|
guint8 *byte_array;
|
||||||
|
@ -198,11 +198,22 @@ mtp3_msu_present(gint fac, gint level, const char *msg_str)
|
||||||
split_string = g_strsplit(msg_str, "msu=", 2);
|
split_string = g_strsplit(msg_str, "msu=", 2);
|
||||||
msu_hex_dump = split_string[1];
|
msu_hex_dump = split_string[1];
|
||||||
|
|
||||||
if (msu_hex_dump && strlen(msu_hex_dump)) {
|
if (msu_hex_dump && (len = strlen(msu_hex_dump))) {
|
||||||
|
|
||||||
|
/* convert_string_to_hex() will return NULL if it gets an incomplete
|
||||||
|
* byte. If we have an odd string length then chop off the remaining
|
||||||
|
* nibble so we can get at least a partial MSU (chances are the
|
||||||
|
* subdissector will assert out, of course).
|
||||||
|
*/
|
||||||
|
if (len % 2)
|
||||||
|
msu_hex_dump[len - 1] = '\0';
|
||||||
|
|
||||||
byte_array = convert_string_to_hex(msu_hex_dump, &nbytes);
|
byte_array = convert_string_to_hex(msu_hex_dump, &nbytes);
|
||||||
|
|
||||||
mtp3_tvb = tvb_new_real_data(byte_array, nbytes, nbytes);
|
if (byte_array) {
|
||||||
tvb_set_free_cb(mtp3_tvb, g_free);
|
mtp3_tvb = tvb_new_real_data(byte_array, nbytes, nbytes);
|
||||||
|
tvb_set_free_cb(mtp3_tvb, g_free);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
g_strfreev(split_string);
|
g_strfreev(split_string);
|
||||||
|
|
Loading…
Reference in New Issue