Protect UAT color "datatype" from an empty string

UAT color "datatype" has the format of #XXXXXX so the XXXXXX is strduped to pass to strtol(). The "pointer math" assumed the # was always present and would result in large memory allocation if string was empty. Bug: 14357 Change-Id: Idc43b17f0e07705880d0d77f106991d10e09f072 Reviewed-on: https://code.wireshark.org/review/25504 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
author: Michael Mann <mmann78@netscape.net> 2018-01-28 16:26:31 -0500
committer: Michael Mann <mmann78@netscape.net> 2018-01-29 00:03:16 +0000
commit: 907d8ff41f37f8eaed5e4c64ab322f33ea2c6802 (patch)
tree: ee4681b85ffac9daa6a46703148e9f6f136be8fa
parent: 5c1247301461b842d8a624195bb057b534e0a17e (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/epan/uat.h b/epan/uat.h
index f3305b4b5d..6e63fe5f51 100644
--- a/epan/uat.h
+++ b/epan/uat.h
@@ -632,10 +632,14 @@ static void basename ## _ ## field_name ## _tostr_cb(void* rec, char** out_ptr,
 
 /*
  * Color Macros,
- *   an boolean value contained in
+ *   an #RRGGBB color value contained in
  */
 #define UAT_COLOR_CB_DEF(basename,field_name,rec_t) \
 static void basename ## _ ## field_name ## _set_cb(void* rec, const char* buf, guint len, const void* UNUSED_PARAMETER(u1), const void* UNUSED_PARAMETER(u2)) {\
+	if (len < 1) { \
+		((rec_t*)rec)->field_name = 0; \
+		return; \
+	} \
 	char* tmp_str = g_strndup(buf+1,len-1); \
 	((rec_t*)rec)->field_name = (guint)strtol(tmp_str,NULL,16); \
 	g_free(tmp_str); } \
author	Michael Mann <mmann78@netscape.net>	2018-01-28 16:26:31 -0500
committer	Michael Mann <mmann78@netscape.net>	2018-01-29 00:03:16 +0000
commit	907d8ff41f37f8eaed5e4c64ab322f33ea2c6802 (patch)
tree	ee4681b85ffac9daa6a46703148e9f6f136be8fa
parent	5c1247301461b842d8a624195bb057b534e0a17e (diff)