osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Limit the maximum *file* name length for exported objects. 

Limiting the maximum *path* name length is bogus; if the user wants to
store the file in some directory deep under the root (UN*X) or the root
of the drive (Windows), that's their choice - don't prevent them from
saving in a directory with a path longer than some maximum or limit the
file name based on the length of the path leading up to it.

Limiting the maximum *file* name is presumably to cope with, for
example, HTTP objects with a URL that had a very long query component,
so it makes sense.

Change-Id: Idfc7de8124ee80bdd4950341ff2239834eb9f6f6
Reviewed-on: https://code.wireshark.org/review/31295
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
Guy Harris 2019-01-01 13:04:44 -08:00
parent bac10e5869
commit e12270a730
4 changed files with 33 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
epan/export_object.h
View File

@ -35,6 +35,10 @@ typedef struct _export_object_entry_t {
guint8 *payload_data;
} export_object_entry_t;
/** Maximum file name size for the file to which we save an object.
This is the file name size, not the path name size; we impose
the limit so that the file doesn't have a ridiculously long
name, e.g. an HTTP object where the URL has a long query part. */
#define EXPORT_OBJECT_MAXFILELEN 255
typedef void (*export_object_object_list_add_entry_cb)(void* gui_data, struct _export_object_entry_t *entry);

54
ui/cli/tap-exportobject.c
View File

@ -120,37 +120,31 @@ eo_draw(void *tapdata)
}
}
if ((strlen(save_in_path) < EXPORT_OBJECT_MAXFILELEN)) {
while (slist) {
entry = (export_object_entry_t *)slist->data;
do {
g_free(save_as_fullpath);
if (entry->filename) {
safe_filename = eo_massage_str(entry->filename,
EXPORT_OBJECT_MAXFILELEN - strlen(save_in_path), count);
} else {
char generic_name[EXPORT_OBJECT_MAXFILELEN+1];
const char *ext;
ext = eo_ct2ext(entry->content_type);
g_snprintf(generic_name, sizeof(generic_name),
"object%u%s%s", entry->pkt_num, ext ? "." : "", ext ? ext : "");
safe_filename = eo_massage_str(generic_name,
EXPORT_OBJECT_MAXFILELEN - strlen(save_in_path), count);
}
save_as_fullpath = g_build_filename(save_in_path, safe_filename->str, NULL);
g_string_free(safe_filename, TRUE);
} while (g_file_test(save_as_fullpath, G_FILE_TEST_EXISTS) && ++count < 1000);
count = 0;
if (!eo_save_entry(save_as_fullpath, entry, TRUE))
all_saved = FALSE;
while (slist) {
entry = (export_object_entry_t *)slist->data;
do {
g_free(save_as_fullpath);
save_as_fullpath = NULL;
slist = slist->next;
}
}
else
{
all_saved = FALSE;
if (entry->filename) {
safe_filename = eo_massage_str(entry->filename,
EXPORT_OBJECT_MAXFILELEN, count);
} else {
char generic_name[EXPORT_OBJECT_MAXFILELEN+1];
const char *ext;
ext = eo_ct2ext(entry->content_type);
g_snprintf(generic_name, sizeof(generic_name),
"object%u%s%s", entry->pkt_num, ext ? "." : "", ext ? ext : "");
safe_filename = eo_massage_str(generic_name,
EXPORT_OBJECT_MAXFILELEN, count);
}
save_as_fullpath = g_build_filename(save_in_path, safe_filename->str, NULL);
g_string_free(safe_filename, TRUE);
} while (g_file_test(save_as_fullpath, G_FILE_TEST_EXISTS) && ++count < 1000);
count = 0;
if (!eo_save_entry(save_as_fullpath, entry, TRUE))
all_saved = FALSE;
g_free(save_as_fullpath);
save_as_fullpath = NULL;
slist = slist->next;
}
if (!all_saved)

4
ui/qt/export_object_dialog.cpp
View File

@ -164,7 +164,7 @@ void ExportObjectDialog::saveCurrentEntry()
if (entry_filename.isEmpty())
return;
GString *safe_filename = eo_massage_str(entry_filename.toUtf8().constData(), EXPORT_OBJECT_MAXFILELEN-path.canonicalPath().length(), 0);
GString *safe_filename = eo_massage_str(entry_filename.toUtf8().constData(), EXPORT_OBJECT_MAXFILELEN, 0);
QString file_name = WiresharkFileDialog::getSaveFileName(this, wsApp->windowTitleString(tr("Save Object As" UTF8_HORIZONTAL_ELLIPSIS)),
safe_filename->str);
g_string_free(safe_filename, TRUE);
@ -191,7 +191,7 @@ void ExportObjectDialog::saveAllEntries()
save_in_dir.canonicalPath(),
QFileDialog::ShowDirsOnly);
if (save_in_path.length() < 1 || save_in_path.length() > EXPORT_OBJECT_MAXFILELEN)
if (save_in_path.length() < 1)
return;
if (!model_.saveAllEntries(save_in_path))

6
ui/qt/models/export_objects_model.cpp
View File

@ -175,16 +175,16 @@ bool ExportObjectModel::saveAllEntries(QString path)
g_free(save_as_fullpath);
if (entry->filename)
safe_filename = eo_massage_str(entry->filename,
EXPORT_OBJECT_MAXFILELEN - path.length(), count);
EXPORT_OBJECT_MAXFILELEN, count);
else {
char generic_name[256];
char generic_name[EXPORT_OBJECT_MAXFILELEN+1];
const char *ext;
ext = eo_ct2ext(entry->content_type);
g_snprintf(generic_name, sizeof(generic_name),
"object%u%s%s", entry->pkt_num, ext ? "." : "",
ext ? ext : "");
safe_filename = eo_massage_str(generic_name,
EXPORT_OBJECT_MAXFILELEN - path.length(), count);
EXPORT_OBJECT_MAXFILELEN, count);
}
save_as_fullpath = g_build_filename(path.toUtf8().constData(),
safe_filename->str, NULL);