proto.c: protect against buffer overflow in proto_find_undecoded_data()

Bug: 14128
Change-Id: I01aadf2dc9a3f714caaef273a7e012c6f1840726
Reviewed-on: https://code.wireshark.org/review/24088
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Pascal Quantin 2017-10-26 23:23:17 +02:00 committed by Michael Mann
parent a0973d0f94
commit ed20250c13
1 changed files with 12 additions and 6 deletions


@ -9682,21 +9682,25 @@ proto_find_field_from_offset(proto_tree *tree, guint offset, tvbuff_t *tvb)
return offsearch.finfo;
}
typedef struct {
gint length;
gchar *buf;
} decoded_data_t;
static gboolean
check_for_undecoded(proto_node *node, gpointer data)
{
field_info *fi = PNODE_FINFO(node);
gchar* decoded = (gchar*)data;
decoded_data_t* decoded = (decoded_data_t*)data;
gint i;
guint byte;
guint bit;
if (fi && fi->hfinfo->type != FT_PROTOCOL) {
for (i = fi->start; i < fi->start + fi->length; i++) {
for (i = fi->start; i < fi->start + fi->length && i < decoded->length; i++) {
byte = i / 8;
bit = i % 8;
decoded[byte] |= (1 << bit);
decoded->buf[byte] |= (1 << bit);
}
}
@ -9706,10 +9710,12 @@ check_for_undecoded(proto_node *node, gpointer data)
gchar*
proto_find_undecoded_data(proto_tree *tree, guint length)
{
gchar* decoded = (gchar*)wmem_alloc0(wmem_packet_scope(), length / 8 + 1);
decoded_data_t decoded;
decoded.length = length;
decoded.buf = (gchar*)wmem_alloc0(wmem_packet_scope(), length / 8 + 1);
proto_tree_traverse_pre_order(tree, check_for_undecoded, decoded);
return decoded;
proto_tree_traverse_pre_order(tree, check_for_undecoded, &decoded);
return decoded.buf;
}
/* Dumps the protocols in the registration database to stdout. An independent
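Review bot: The new loop condition in check_for_undecoded() bounds `i` only from above, so a negative `fi->start` would still reach `byte = i / 8` and `bit = i % 8`, where conversion to `guint` yields an out-of-range index into `decoded->buf` and an oversized shift count. Whether `fi->start` can be negative is not visible in this hunk, but both it and `i` are `gint`, so the guard is cheap: `if (fi && fi->hfinfo->type != FT_PROTOCOL && fi->start >= 0) {`. Separately, `decoded.length = length;` in proto_find_undecoded_data() narrows a `guint` to `gint`, so a value above the signed range would make the bound negative and silently skip all marking. A one-line comment on `decoded_data_t.length` saying it is the number of valid bit positions in `buf` (the buffer holds `length / 8 + 1` bytes) would make the invariant explicit. The end of check_for_undecoded() falls between the two hunks and is not shown.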