Fix potential oob write crashes

Bug: 13847 Change-Id: I3a706db25204fe4c1fd1b7be3b17b8c55365dccf Reviewed-on: https://code.wireshark.org/review/23169 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
author: Ulf <ulf33286@gmail.com> 2017-08-22 21:52:29 -0400
committer: Michael Mann <mmann78@netscape.net> 2017-08-23 02:58:08 +0000
commit: 5574b78dae2f607d4ace66ab60d516d0c569357d (patch)
tree: 00dde2f755b716aefed1eb7857683673eecb7203 /extcap
parent: 5c27cb5f83cb2c89cf470a6203fe057d3fa7e322 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/extcap/androiddump.c b/extcap/androiddump.c
index bdd4aaf4db..1e3829dec4 100644
--- a/extcap/androiddump.c
+++ b/extcap/androiddump.c
@@ -1102,7 +1102,7 @@ static int register_interfaces(extcap_parameters * extcap_conf, const char *adb_
                 response[data_length] = '\0';
 
                 data_str = strchr(response, '\n');
-                if (data_str && sscanf(data_str, "%*s %s", pid) == 1) {
+                if (data_str && sscanf(data_str, "%*s %15s", pid) == 1) {
                     g_debug("Android Bluetooth application PID for %s is %s", serial_number, pid);
 
                     result = g_snprintf(check_port_buf, sizeof(check_port_buf), adb_check_port_templace, pid);
@@ -1123,7 +1123,7 @@ static int register_interfaces(extcap_parameters * extcap_conf, const char *adb_
                         response[data_length] = '\0';
 
                         data_str = strchr(response, '\n');
-                        if (data_str && sscanf(data_str, "%*s %s", pid) == 1 && strcmp(pid + 9, "10EA") == 0) {
+                        if (data_str && sscanf(data_str, "%*s %15s", pid) == 1 && strlen(pid) > 10 && strcmp(pid + 9, "10EA") == 0) {
                             g_debug("Bluedroid External Parser Port for %s is %s", serial_number, pid + 9);
                         } else {
                             disable_interface = 1;
@@ -1175,7 +1175,7 @@ static int register_interfaces(extcap_parameters * extcap_conf, const char *adb_
                 else
                     data_str = strchr(response, '\n');
 
-                if (data_str && sscanf(data_str, "%*s %s", pid) == 1) {
+                if (data_str && sscanf(data_str, "%*s %15s", pid) == 1) {
                     g_debug("Android Bluetooth application PID for %s is %s", serial_number, pid);
 
                     result = g_snprintf(check_port_buf, sizeof(check_port_buf), adb_check_port_templace, pid);
@@ -1196,7 +1196,7 @@ static int register_interfaces(extcap_parameters * extcap_conf, const char *adb_
                         response[data_length] = '\0';
 
                         data_str = strchr(response, '\n');
-                        if (data_str && sscanf(data_str, "%*s %s", pid) == 1 && strcmp(pid + 9, "22A8") == 0) {
+                        if (data_str && sscanf(data_str, "%*s %15s", pid) == 1 && strlen(pid) > 10 && strcmp(pid + 9, "22A8") == 0) {
                             g_debug("Btsnoop Net Port for %s is %s", serial_number, pid + 9);
                         } else {
                             disable_interface = 1;
author	Ulf <ulf33286@gmail.com>	2017-08-22 21:52:29 -0400
committer	Michael Mann <mmann78@netscape.net>	2017-08-23 02:58:08 +0000
commit	5574b78dae2f607d4ace66ab60d516d0c569357d (patch)
tree	00dde2f755b716aefed1eb7857683673eecb7203 /extcap
parent	5c27cb5f83cb2c89cf470a6203fe057d3fa7e322 (diff)