From b39a736e918294f27b8218c1b2dd8ac82fbb77e6 Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Mon, 25 Mar 2019 10:20:10 +0100
Subject: [PATCH] iseries: ensure the buffer is null terminated.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Check buflen to prevent wrong scanf call as well.

Bug: 15614
Change-Id: I58a2855d8b1beda067bf9b2d724229ab20249228
Reviewed-on: https://code.wireshark.org/review/32573
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
---
 wiretap/CMakeLists.txt | 2 +-
 wiretap/iseries.c      | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/wiretap/CMakeLists.txt b/wiretap/CMakeLists.txt
index ec3ce85be6..b29e85a7d9 100644
--- a/wiretap/CMakeLists.txt
+++ b/wiretap/CMakeLists.txt
@@ -159,7 +159,7 @@ CHECKAPI(
 	NAME
 	  wiretap
 	SWITCHES
-	  --group abort:10 --summary-group abort
+	  --group abort:11 --summary-group abort
 	  --group termoutput:1 --summary-group termoutput
 	  --build
 	SOURCES
diff --git a/wiretap/iseries.c b/wiretap/iseries.c
index 9911cc39d2..3a53e6495a 100644
--- a/wiretap/iseries.c
+++ b/wiretap/iseries.c
@@ -431,6 +431,11 @@ iseries_seek_next_packet (wtap * wth, int *err, gchar **err_info)
           buflen = (long) strlen (buf);
         }
       ascii_strup_inplace (buf);
+      /* Check we have enough data in the line */
+      if (buflen < 78)
+        {
+          continue;
+        }
       /* If packet header found return the offset */
       num_items_scanned =
         sscanf (buf+78,
@@ -985,8 +990,10 @@ iseries_UNICODE_to_ASCII (guint8 * buf, guint bytes)
             bufptr++;
         }
       if (buf[i] == 0x0A)
-        return i;
+        break;
     }
+  g_assert(bufptr < buf + bytes);
+  *bufptr = '\0';
   return i;
 }