From Neil Kettle
Fix two potential buffer overflow bugs in fc els svn path=/trunk/; revision=14027
This commit is contained in:
parent
df98534657
commit
a55085054c
1
AUTHORS
1
AUTHORS
|
@ -2429,6 +2429,7 @@ Jaap Keuter <jaap.keuter [AT] xs4all.nl>
|
||||||
Frederic Peters <fpeters [AT] debian.org>
|
Frederic Peters <fpeters [AT] debian.org>
|
||||||
Anton Ivanov <anthony_johnson [AT] mail.ru>
|
Anton Ivanov <anthony_johnson [AT] mail.ru>
|
||||||
Ilya Konstantinov <future [AT] shiny.co.il>
|
Ilya Konstantinov <future [AT] shiny.co.il>
|
||||||
|
Neil Kettle <njk4 [AT] kent.ac.uk>
|
||||||
|
|
||||||
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
|
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
|
||||||
give his permission to use his version of snprintf.c.
|
give his permission to use his version of snprintf.c.
|
||||||
|
|
|
@ -476,6 +476,9 @@ construct_rcptctl_string (guint16 flag, gchar *flagstr, guint8 opcode)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Maximum length of possible string from, construct_*_string
|
||||||
|
* 296 bytes, FIX possible buffer overflow */
|
||||||
|
#define FCELS_LOGI_MAXSTRINGLEN 512
|
||||||
|
|
||||||
static void
|
static void
|
||||||
dissect_fcels_logi (tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
dissect_fcels_logi (tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
||||||
|
@ -487,7 +490,7 @@ dissect_fcels_logi (tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
||||||
class;
|
class;
|
||||||
proto_tree *logi_tree, *cmnsvc_tree;
|
proto_tree *logi_tree, *cmnsvc_tree;
|
||||||
proto_item *subti;
|
proto_item *subti;
|
||||||
gchar flagstr[256];
|
gchar flagstr[FCELS_LOGI_MAXSTRINGLEN];
|
||||||
guint16 flag;
|
guint16 flag;
|
||||||
|
|
||||||
if (tree) {
|
if (tree) {
|
||||||
|
@ -1064,6 +1067,10 @@ dissect_fcels_lsts (tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Maximum length of possible string from, dissect_fcels_prlilo_payload
|
||||||
|
* 119 bytes, FIX possible buffer overflow */
|
||||||
|
#define FCELS_PRLILO_MAXSTRINGLEN 256
|
||||||
|
|
||||||
static void
|
static void
|
||||||
dissect_fcels_prlilo_payload (tvbuff_t *tvb, packet_info *pinfo _U_,
|
dissect_fcels_prlilo_payload (tvbuff_t *tvb, packet_info *pinfo _U_,
|
||||||
guint8 isreq, proto_item *ti, guint8 opcode)
|
guint8 isreq, proto_item *ti, guint8 opcode)
|
||||||
|
@ -1074,7 +1081,7 @@ dissect_fcels_prlilo_payload (tvbuff_t *tvb, packet_info *pinfo _U_,
|
||||||
proto_tree *prli_tree, *svcpg_tree;
|
proto_tree *prli_tree, *svcpg_tree;
|
||||||
int num_svcpg, payload_len, i, flag;
|
int num_svcpg, payload_len, i, flag;
|
||||||
proto_item *subti;
|
proto_item *subti;
|
||||||
gchar flagstr[100];
|
gchar flagstr[FCELS_PRLILO_MAXSTRINGLEN];
|
||||||
|
|
||||||
/* We're assuming that we're invoked only if tree is not NULL i.e.
|
/* We're assuming that we're invoked only if tree is not NULL i.e.
|
||||||
* we don't do the usual "if (tree)" check here, the caller must.
|
* we don't do the usual "if (tree)" check here, the caller must.
|
||||||
|
|
Loading…
Reference in New Issue