osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

PNIO: Fix another potential OOB write. 

Bug: 13847
Change-Id: I62bb519b8e37112a59a7d209b39780f034dbcd0c
Reviewed-on: https://code.wireshark.org/review/23267
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
Gerald Combs 2017-08-28 10:30:05 -07:00 committed by Michael Mann
parent 0f9935e9a1
commit c9d0554840
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/profinet/packet-dcerpc-pn-io.c
View File

@ -9403,7 +9403,8 @@ dissect_ExpectedSubmoduleBlockReq_block(tvbuff_t *tvb, int offset,
/* Initial */
io_data_object = wmem_new0(wmem_file_scope(), ioDataObject);
io_data_object->profisafeSupported = FALSE;
io_data_object->moduleNameStr = wmem_strdup(wmem_file_scope(), "Unknown");
io_data_object->moduleNameStr = (gchar*)wmem_alloc(wmem_file_scope(), MAX_NAMELENGTH);
g_strlcpy(io_data_object->moduleNameStr, "Unknown", MAX_NAMELENGTH);
vendorMatch = FALSE;
deviceMatch = FALSE;
gsdmlFoundFlag = FALSE;
@ -9639,7 +9640,7 @@ dissect_ExpectedSubmoduleBlockReq_block(tvbuff_t *tvb, int offset,
/* Find a String with the saved TextID and with a fitting value for it in the same line. This value is the name of the Module! */
if(((strstr(temp, tmp_moduletext)) != NULL) && ((strstr(temp, moduleValueInfo)) != NULL)) {
pch = strstr(temp, moduleValueInfo);
if (pch != NULL && sscanf(pch, "Value=\"%[^\"]", io_data_object->moduleNameStr) == 1)
if (pch != NULL && sscanf(pch, "Value=\"%199[^\"]", io_data_object->moduleNameStr) == 1)
break; /* Found the name of the module */
}
}