diff options
author | morriss <morriss@f5534014-38df-0310-8fa8-9805f1628bb7> | 2008-06-26 20:40:30 +0000 |
---|---|---|
committer | morriss <morriss@f5534014-38df-0310-8fa8-9805f1628bb7> | 2008-06-26 20:40:30 +0000 |
commit | 8f1fc428aced2d9f37ec866a9dae141c35c731ca (patch) | |
tree | 403f1ded449f56f45b7c988a553da220ed329b89 | |
parent | a6f7dfe1b07c247863e076a967c06703e8fa66d1 (diff) |
From Abhik Sarkar via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2647 :
The syslog dissector could crash if the "packlog" MSU is truncated such that
the hex string ends in with a nibble.
From me: Check if that will happen and chop off the nibble before giving it to
convert_string_to_hex() so we'll dissect as much of the MSU as possible.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@25612 f5534014-38df-0310-8fa8-9805f1628bb7
-rw-r--r-- | epan/dissectors/packet-syslog.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/epan/dissectors/packet-syslog.c b/epan/dissectors/packet-syslog.c index 1bb8273014..fd4b0f98eb 100644 --- a/epan/dissectors/packet-syslog.c +++ b/epan/dissectors/packet-syslog.c @@ -180,7 +180,7 @@ static dissector_handle_t mtp_handle; static tvbuff_t * mtp3_msu_present(gint fac, gint level, const char *msg_str) { - size_t nbytes; + size_t nbytes, len; gchar **split_string, *msu_hex_dump; tvbuff_t *mtp3_tvb = NULL; guint8 *byte_array; @@ -198,11 +198,22 @@ mtp3_msu_present(gint fac, gint level, const char *msg_str) split_string = g_strsplit(msg_str, "msu=", 2); msu_hex_dump = split_string[1]; - if (msu_hex_dump && strlen(msu_hex_dump)) { + if (msu_hex_dump && (len = strlen(msu_hex_dump))) { + + /* convert_string_to_hex() will return NULL if it gets an incomplete + * byte. If we have an odd string length then chop off the remaining + * nibble so we can get at least a partial MSU (chances are the + * subdissector will assert out, of course). + */ + if (len % 2) + msu_hex_dump[len - 1] = '\0'; + byte_array = convert_string_to_hex(msu_hex_dump, &nbytes); - mtp3_tvb = tvb_new_real_data(byte_array, nbytes, nbytes); - tvb_set_free_cb(mtp3_tvb, g_free); + if (byte_array) { + mtp3_tvb = tvb_new_real_data(byte_array, nbytes, nbytes); + tvb_set_free_cb(mtp3_tvb, g_free); + } } g_strfreev(split_string); |