POP: replace wmem_strndup by tvb_memcpy
gdd3b977 introduced the use of wmem_strndup to ensure that the string is NULL terminated. But it also stops as soon as it finds a NULL character, which can happen with malformed packets. So let's copy all the bytes with tvb_memcpy and add manually a NULL character at the end of the buffer for safeness. Bug: 13074 Change-Id: I9ae65d739a92bc6167e4acfc275e1909f3890815 Reviewed-on: https://code.wireshark.org/review/18582 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This commit is contained in:
parent
d8fca58c16
commit
e3b2b2fdc3
|
@ -136,7 +136,7 @@ dissect_pop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
proto_tree *pop_tree, *reqresp_tree;
|
||||
proto_item *ti;
|
||||
gint offset = 0;
|
||||
const guchar *line;
|
||||
guchar *line;
|
||||
gint next_offset;
|
||||
int linelen;
|
||||
int tokenlen;
|
||||
|
@ -165,13 +165,11 @@ dissect_pop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
|
||||
/*
|
||||
* Find the end of the first line.
|
||||
*
|
||||
* Note that "tvb_find_line_end()" will return a value that is
|
||||
* not longer than what's in the buffer, so the "tvb_get_ptr()"
|
||||
* call won't throw an exception.
|
||||
*/
|
||||
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
|
||||
line = wmem_strndup(wmem_packet_scope(), tvb_get_ptr(tvb, offset, linelen), linelen);
|
||||
line = (guchar*)wmem_alloc(wmem_packet_scope(), linelen+1);
|
||||
tvb_memcpy(tvb, line, offset, linelen);
|
||||
line[linelen] = '\0';
|
||||
|
||||
if (pinfo->match_uint == pinfo->destport) {
|
||||
is_request = TRUE;
|
||||
|
|
Loading…
Reference in New Issue