diff options
| author | Guy Harris <guy@alum.mit.edu> | 2004-02-25 09:31:07 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2004-02-25 09:31:07 +0000 |
| commit | 857318d3b760aa1ee27b9025746e1f39ce946a53 (patch) | |
| tree | 4e9d5900443b375741a9966dee096dee52c01a1c | |
| parent | 3353ca1d5a8307ce1ae6afd49b3f7525596e0910 (diff) | |
Use "tvb_get_string()" instead of allocating a (len+1)-sized buffer,
"tvb_memcpy()"ing to it, and putting in a null terminator;
"tvb_get_string()" will check whether all bytes of the string are
present before allocating the buffer, so that you don't leak memory if
the copy throws an exception, and don't crash if the length is absurdly
large.
Use "tvb_memdup()" instead of allocating a buffer and "tvb_memcpy()"ing
to it, so that an exception is thrown before you try to allocate the
buffer (for the same reasons as listed above).
Before allocating a buffer used when processing a chunk of data from a
packet, get a pointer to the chunk with "tvb_get_ptr()", or check that
the data is all there with "tvb_ensure_bytes_exist()", so that an
exception is thrown before you try to allocate the buffer (for the same
reasons as listed above).
Fix up the lengths of the tvbuff used when dissecting ONC RPC opaque data
with a particular dissector.
svn path=/trunk/; revision=10236
| -rw-r--r-- | packet-atalk.c | 10 | ||||
| -rw-r--r-- | packet-dcerpc-mapi.c | 4 | ||||
| -rw-r--r-- | packet-dhcpv6.c | 10 | ||||
| -rw-r--r-- | packet-dsi.c | 6 | ||||
| -rw-r--r-- | packet-enip.c | 23 | ||||
| -rw-r--r-- | packet-gtp.c | 10 | ||||
| -rw-r--r-- | packet-icmpv6.c | 11 | ||||
| -rw-r--r-- | packet-ieee80211.c | 7 | ||||
| -rw-r--r-- | packet-nfs.c | 15 | ||||
| -rw-r--r-- | packet-nlm.c | 7 | ||||
| -rw-r--r-- | packet-ntlmssp.c | 7 | ||||
| -rw-r--r-- | packet-rpc.c | 47 | ||||
| -rw-r--r-- | packet-rtcp.c | 8 | ||||
| -rw-r--r-- | packet-telnet.c | 4 | ||||
| -rw-r--r-- | packet-vj.c | 5 | ||||
| -rw-r--r-- | packet-wsp.c | 14 | ||||
| -rw-r--r-- | packet-x11.c | 31 | ||||
| -rw-r--r-- | packet-xdmcp.c | 10 |
18 files changed, 95 insertions, 134 deletions
diff --git a/packet-atalk.c b/packet-atalk.c index da62e76548..dab3c9d848 100644 --- a/packet-atalk.c +++ b/packet-atalk.c @@ -2,7 +2,7 @@ * Routines for AppleTalk packet disassembly: LLAP, DDP, NBP, ATP, ASP, * RTMP. * - * $Id: packet-atalk.c,v 1.95 2004/02/19 07:12:26 guy Exp $ + * $Id: packet-atalk.c,v 1.96 2004/02/25 09:31:05 guy Exp $ * * Simon Wilkinson <sxw@dcs.ed.ac.uk> * @@ -518,9 +518,7 @@ static int dissect_pascal_string(tvbuff_t *tvb, int offset, proto_tree *tree, * code, we could perhaps avoid allocating and freeing * this string buffer. */ - tmp = g_malloc( len+1 ); - tvb_memcpy(tvb, tmp, offset, len); - tmp[len] = 0; + tmp = tvb_get_string(tvb, offset, len); item = proto_tree_add_string(tree, hf_index, tvb, offset-1, len+1, tmp); subtree = proto_item_add_subtree(item, ett_pstring); @@ -1055,9 +1053,7 @@ dissect_asp_reply_get_status(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree * break; case 4: /* DNS */ if (len > 2) { - tmp = g_malloc( len -1); - tvb_memcpy(tvb, tmp, ofs +2, len -2); - tmp[len -2] = 0; + tmp = tvb_get_string(tvb, ofs +2, len -2); ti = proto_tree_add_text(adr_tree, tvb, ofs, len, "dns %s", tmp); g_free(tmp); break; diff --git a/packet-dcerpc-mapi.c b/packet-dcerpc-mapi.c index 611cf09254..dc3d4d519e 100644 --- a/packet-dcerpc-mapi.c +++ b/packet-dcerpc-mapi.c @@ -2,7 +2,7 @@ * Routines for MS Exchange MAPI * Copyright 2002, Ronnie Sahlberg * - * $Id: packet-dcerpc-mapi.c,v 1.26 2004/01/19 20:10:33 jmayer Exp $ + * $Id: packet-dcerpc-mapi.c,v 1.27 2004/02/25 09:31:05 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -164,11 +164,11 @@ mapi_decrypt_pdu(tvbuff_t *tvb, int offset, } if(!pinfo->fd->flags.visited){ + ptr=(const unsigned char *)tvb_get_ptr(tvb, offset, len); mmd=g_mem_chunk_alloc(mapi_decrypted_data_chunk); mmd->callid=di->call_id; mmd->frame=pinfo->fd->num; mmd->data=g_malloc(len); - ptr=(const unsigned char *)tvb_get_ptr(tvb, offset, len); for(i=0;i<len;i++){ mmd->data[i]=ptr[i]^0xa5; } diff --git a/packet-dhcpv6.c b/packet-dhcpv6.c index dbb943e2b6..75c3654819 100644 --- a/packet-dhcpv6.c +++ b/packet-dhcpv6.c @@ -5,7 +5,7 @@ * SHIRASAKI Yasuhiro <yasuhiro@gnome.gr.jp> * Tony Lindstrom <tony.lindstrom@ericsson.com> * - * $Id: packet-dhcpv6.c,v 1.10 2004/01/29 03:46:36 guy Exp $ + * $Id: packet-dhcpv6.c,v 1.11 2004/02/25 09:31:05 guy Exp $ * * The information used comes from: * RFC3315.txt @@ -450,12 +450,8 @@ dhcpv6_option(tvbuff_t *tvb, proto_tree *bp_tree, int off, int eoff, "Unknown"), status_code); - if (optlen - 2 > 0) - status_message = g_malloc(optlen - 2 + 1); - if (status_message != 0){ - memset(status_message, 0, optlen - 2 + 1); - status_message = tvb_memcpy(tvb, status_message, off + 2, - optlen - 2); + if (optlen - 2 > 0) { + status_message = tvb_get_string(tvb, off + 2, optlen - 2); proto_tree_add_text(subtree, tvb, off + 2, optlen - 2, "Status Message: %s", status_message); diff --git a/packet-dsi.c b/packet-dsi.c index 1bde823c08..4437c1872b 100644 --- a/packet-dsi.c +++ b/packet-dsi.c @@ -2,7 +2,7 @@ * Routines for dsi packet dissection * Copyright 2001, Randy McEoin <rmceoin@pe.com> * - * $Id: packet-dsi.c,v 1.29 2004/01/13 21:49:52 guy Exp $ + * $Id: packet-dsi.c,v 1.30 2004/02/25 09:31:05 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -406,9 +406,7 @@ dissect_dsi_reply_get_status(tvbuff_t *tvb, proto_tree *tree, gint offset) case 4: /* DNS */ case 5: /* SSH tunnel */ if (len > 2) { - tmp = g_malloc( len -1); - tvb_memcpy(tvb, tmp, ofs +2, len -2); - tmp[len -2] = 0; + tmp = tvb_get_string(tvb, ofs +2, len -2); ti = proto_tree_add_text(adr_tree, tvb, ofs, len, "%s: %s", (type==4)?"dns":"ssh tunnel", tmp); g_free(tmp); diff --git a/packet-enip.c b/packet-enip.c index 2fe5f7a9b6..464c7080db 100644 --- a/packet-enip.c +++ b/packet-enip.c @@ -6,7 +6,7 @@ * Magnus Hansson <mah@hms.se> * Joakim Wiberg <jow@hms.se> * - * $Id: packet-enip.c,v 1.9 2004/02/04 20:34:53 guy Exp $ + * $Id: packet-enip.c,v 1.10 2004/02/25 09:31:05 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -661,10 +661,11 @@ static const value_string enip_class_names_vals[] = { static proto_item* add_byte_array_text_to_proto_tree( proto_tree *tree, tvbuff_t *tvb, gint start, gint length, const char* str ) { - char *tmp, *tmp2, *tmp2start; - proto_item* pi; - int i,tmp_length; - guint32 octet; + const char *tmp; + char *tmp2, *tmp2start; + proto_item *pi; + int i,tmp_length,tmp2_length; + guint32 octet; /* At least one version of Apple's C compiler/linker is buggy, causing a complaint from the linker about the "literal C string section" not ending with '\0' if we initialize a 16-element "char" array with @@ -676,22 +677,21 @@ add_byte_array_text_to_proto_tree( proto_tree *tree, tvbuff_t *tvb, gint start, '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - if( ( length * 2 ) > 32 ) { - tmp2 = (char*)g_malloc( 36 ); tmp_length = 16; + tmp2_length = 36; } else { - tmp2 = (char*)g_malloc( ( length * 2 ) + 1 ); tmp_length = length; + tmp2_length = ( length * 2 ) + 1; } - tmp2start = tmp2; + tmp = tvb_get_ptr( tvb, start, tmp_length ); + tmp2 = (char*)g_malloc( tmp2_length ); - tmp = (char*)g_malloc( tmp_length ); - tvb_memcpy( tvb, tmp, start, tmp_length ); + tmp2start = tmp2; for( i = 0; i < tmp_length; i++ ) { @@ -713,7 +713,6 @@ add_byte_array_text_to_proto_tree( proto_tree *tree, tvbuff_t *tvb, gint start, pi = proto_tree_add_text( tree, tvb, start, length, "%s%s", str, tmp2start ); - g_free( tmp ); g_free( tmp2start ); return( pi ); diff --git a/packet-gtp.c b/packet-gtp.c index 227a61d895..6ecc05cd5e 100644 --- a/packet-gtp.c +++ b/packet-gtp.c @@ -4,7 +4,7 @@ * Copyright 2001, Michal Melerowicz <michal.melerowicz@nokia.com> * Nicolas Balkota <balkota@mac.com> * - * $Id: packet-gtp.c,v 1.71 2004/01/06 02:38:03 guy Exp $ + * $Id: packet-gtp.c,v 1.72 2004/02/25 09:31:05 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -3303,10 +3303,10 @@ decode_apn(tvbuff_t *tvb, int offset, guint16 length, proto_tree *tree) { guint8 name_len, tmp; if (length > 0) { - apn = g_malloc (length + 1); name_len = tvb_get_guint8 (tvb, offset); if (name_len < 0x20) { + apn = tvb_get_string(tvb, offset + 1, length); tvb_memcpy (tvb, apn, offset + 1, length); for (;;) { if (name_len >= length - 1) break; @@ -3314,11 +3314,9 @@ decode_apn(tvbuff_t *tvb, int offset, guint16 length, proto_tree *tree) { name_len = name_len + apn[tmp] + 1; apn[tmp] = '.'; } - } else { - tvb_memcpy (tvb, apn, offset, length); - } + } else + apn = tvb_get_string(tvb, offset, length); - apn[length-1] = '\0'; proto_tree_add_string (tree, hf_gtp_apn, tvb, offset, length, apn); g_free(apn); } diff --git a/packet-icmpv6.c b/packet-icmpv6.c index 6cb240953e..2a50bdb283 100644 --- a/packet-icmpv6.c +++ b/packet-icmpv6.c @@ -1,7 +1,7 @@ /* packet-icmpv6.c * Routines for ICMPv6 packet disassembly * - * $Id: packet-icmpv6.c,v 1.76 2004/01/29 03:59:03 guy Exp $ + * $Id: packet-icmpv6.c,v 1.77 2004/02/25 09:31:06 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -217,16 +217,19 @@ again: case ND_OPT_SOURCE_LINKADDR: case ND_OPT_TARGET_LINKADDR: { - char *t; int len, i, p; + const guint8 *a; + char *t; + + p = offset + sizeof(*opt); len = (opt->nd_opt_len << 3) - sizeof(*opt); + a = tvb_get_ptr(tvb, p, len); t = g_malloc(len * 3); memset(t, 0, len * 3); - p = offset + sizeof(*opt); for (i = 0; i < len; i++) { if (i) t[i * 3 - 1] = ':'; - sprintf(&t[i * 3], "%02x", tvb_get_guint8(tvb, p + i) & 0xff); + sprintf(&t[i * 3], "%02x", a[i]); } proto_tree_add_text(icmp6opt_tree, tvb, offset + sizeof(*opt), len, "Link-layer address: %s", t); diff --git a/packet-ieee80211.c b/packet-ieee80211.c index d01d8b0ed6..9da0196d77 100644 --- a/packet-ieee80211.c +++ b/packet-ieee80211.c @@ -3,7 +3,7 @@ * Copyright 2000, Axis Communications AB * Inquiries/bugreports should be sent to Johan.Jorgensen@axis.com * - * $Id: packet-ieee80211.c,v 1.105 2004/02/18 07:56:42 guy Exp $ + * $Id: packet-ieee80211.c,v 1.106 2004/02/25 09:31:06 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -2626,6 +2626,7 @@ proto_reg_handoff_ieee80211(void) } static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len) { + const guint8 *enc_data; guint8 *tmp = NULL; int i; tvbuff_t *decr_tvb = NULL; @@ -2633,6 +2634,8 @@ static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len) { if (num_wepkeys < 1) return NULL; + enc_data = tvb_get_ptr(tvb, offset, len); + if ((tmp = g_malloc(len)) == NULL) return NULL; /* krap! */ @@ -2642,7 +2645,7 @@ static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len) { #if 0 printf("trying %d\n", i); #endif - tvb_memcpy(tvb, tmp, offset, len); + memcpy(tmp, enc_data, len); if (wep_decrypt(tmp, len, i) == 0) { /* decrypt successful, let's set up a new data tvb. */ diff --git a/packet-nfs.c b/packet-nfs.c index 1b132a671d..b87b9b1535 100644 --- a/packet-nfs.c +++ b/packet-nfs.c @@ -2,7 +2,7 @@ * Routines for nfs dissection * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de> * Copyright 2000-2002, Mike Frisch <frisch@hummingbird.com> (NFSv4 decoding) - * $Id: packet-nfs.c,v 1.95 2004/02/11 04:34:38 guy Exp $ + * $Id: packet-nfs.c,v 1.96 2004/02/25 09:31:06 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -678,8 +678,7 @@ nfs_name_snoop_add_name(int xid, tvbuff_t *tvb, int name_offset, int name_len, i if(parent_len){ nns->parent_len=parent_len; - nns->parent=g_malloc(parent_len); - memcpy(nns->parent, tvb_get_ptr(tvb, parent_offset, parent_len), parent_len); + nns->parent=tvb_memdup(tvb, parent_offset, parent_len); } else { nns->parent_len=0; nns->parent=NULL; @@ -739,8 +738,7 @@ nfs_name_snoop_add_fh(int xid, tvbuff_t *tvb, int fh_offset, int fh_length) } /* oki, we have a new entry */ - fh=g_malloc(fh_length); - memcpy(fh, tvb_get_ptr(tvb, fh_offset, fh_length), fh_length); + fh=tvb_memdup(tvb, fh_offset, fh_length); nns->fh=fh; nns->fh_length=fh_length; @@ -6022,6 +6020,7 @@ dissect_nfs_attributes(tvbuff_t *tvb, int offset, packet_info *pinfo, int attr_vals_offset; bitmap_len = tvb_get_ntohl(tvb, offset); + tvb_ensure_bytes_exist(tvb, offset, 4 + bitmap_len * 4); fitem = proto_tree_add_text(tree, tvb, offset, 4 + bitmap_len * 4, "%s", "attrmask"); offset += 4; @@ -6039,12 +6038,6 @@ dissect_nfs_attributes(tvbuff_t *tvb, int offset, packet_info *pinfo, for (i = 0; i < bitmap_len; i++) { - if (!tvb_bytes_exist(tvb, offset, 4)) - { - g_free(bitmap); - return offset; - } - bitmap[i] = tvb_get_ntohl(tvb, offset); sl = 0x00000001; diff --git a/packet-nlm.c b/packet-nlm.c index 01a4bdeea0..a7fa6f8220 100644 --- a/packet-nlm.c +++ b/packet-nlm.c @@ -1,7 +1,7 @@ /* packet-nlm.c * Routines for nlm dissection * - * $Id: packet-nlm.c,v 1.35 2003/08/17 21:34:22 sahlberg Exp $ + * $Id: packet-nlm.c,v 1.36 2004/02/25 09:31:06 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -296,7 +296,6 @@ nlm_register_unmatched_msg(packet_info *pinfo, tvbuff_t *tvb, int offset) { nlm_msg_res_unmatched_data *umd; nlm_msg_res_unmatched_data *old_umd; - char *cookie; /* allocate and build the unmatched structure for this request */ umd=g_malloc(sizeof(nlm_msg_res_unmatched_data)); @@ -304,9 +303,7 @@ nlm_register_unmatched_msg(packet_info *pinfo, tvbuff_t *tvb, int offset) umd->ns.secs=pinfo->fd->abs_secs; umd->ns.nsecs=pinfo->fd->abs_usecs*1000; umd->cookie_len=tvb_get_ntohl(tvb, offset); - cookie=g_malloc(umd->cookie_len); - tvb_memcpy(tvb, (guint8 *)cookie, offset+4, umd->cookie_len); - umd->cookie=cookie; + umd->cookie=tvb_memdup(tvb, offset+4, umd->cookie_len); /* remove any old duplicates */ old_umd=g_hash_table_lookup(nlm_msg_res_unmatched, (gconstpointer)umd); diff --git a/packet-ntlmssp.c b/packet-ntlmssp.c index 0538692dce..c8fdb675e2 100644 --- a/packet-ntlmssp.c +++ b/packet-ntlmssp.c @@ -3,7 +3,7 @@ * Devin Heitmueller <dheitmueller@netilla.com> * Copyright 2003, Tim Potter <tpot@samba.org> * - * $Id: packet-ntlmssp.c,v 1.46 2004/01/19 20:10:36 jmayer Exp $ + * $Id: packet-ntlmssp.c,v 1.47 2004/02/25 09:31:06 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1268,11 +1268,10 @@ dissect_ntlmssp_encrypted_payload(tvbuff_t *tvb, int offset, /* Store the decrypted contents in the packet state struct (of course at this point, they aren't decrypted yet) */ - packet_ntlmssp_info->decrypted_payload = g_malloc (encrypted_block_length); + packet_ntlmssp_info->decrypted_payload = tvb_memdup(tvb, offset, + encrypted_block_length); decrypted_payloads = g_slist_prepend(decrypted_payloads, packet_ntlmssp_info->decrypted_payload); - tvb_memcpy(tvb, packet_ntlmssp_info->decrypted_payload, - offset, encrypted_block_length); /* Do the decryption of the payload */ crypt_rc4(rc4_state, packet_ntlmssp_info->decrypted_payload, diff --git a/packet-rpc.c b/packet-rpc.c index 2daadabaf2..5772839b01 100644 --- a/packet-rpc.c +++ b/packet-rpc.c @@ -2,7 +2,7 @@ * Routines for rpc dissection * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de> * - * $Id: packet-rpc.c,v 1.140 2003/12/28 12:43:38 ulfl Exp $ + * $Id: packet-rpc.c,v 1.141 2004/02/25 09:31:06 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -526,6 +526,7 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset, gboolean string_data, char **string_buffer_ret, dissect_function_t *dissect_it) { + int data_offset; proto_item *string_item = NULL; proto_tree *string_tree = NULL; @@ -548,14 +549,14 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset, if (fixed_length) { string_length = length; - string_length_captured = tvb_length_remaining(tvb, offset); - string_length_packet = tvb_reported_length_remaining(tvb, offset); + data_offset = offset; } else { string_length = tvb_get_ntohl(tvb,offset+0); - string_length_captured = tvb_length_remaining(tvb, offset + 4); - string_length_packet = tvb_reported_length_remaining(tvb, offset + 4); + data_offset = offset + 4; } + string_length_captured = tvb_length_remaining(tvb, data_offset); + string_length_packet = tvb_reported_length_remaining(tvb, data_offset); string_length_full = rpc_roundup(string_length); if (string_length_captured < string_length) { /* truncated string */ @@ -572,18 +573,10 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset, /* full string data */ string_length_copy = string_length; fill_length = string_length_full - string_length; - if (fixed_length) { - fill_length_captured = tvb_length_remaining(tvb, - offset + string_length); - fill_length_packet = tvb_reported_length_remaining(tvb, - offset + string_length); - } - else { - fill_length_captured = tvb_length_remaining(tvb, - offset + 4 + string_length); - fill_length_packet = tvb_reported_length_remaining(tvb, - offset + 4 + string_length); - } + fill_length_captured = tvb_length_remaining(tvb, + data_offset + string_length); + fill_length_packet = tvb_reported_length_remaining(tvb, + data_offset + string_length); if (fill_length_captured < fill_length) { /* truncated fill bytes */ fill_length_copy = fill_length_packet; @@ -608,22 +601,20 @@ dissect_rpc_opaque_data(tvbuff_t *tvb, int offset, if (dissect_it) { tvbuff_t *opaque_tvb; - opaque_tvb = tvb_new_subset(tvb, offset, - (fixed_length?offset:(offset + 4)), string_length_copy); + opaque_tvb = tvb_new_subset(tvb, data_offset, string_length_copy, + string_length); return (*dissect_it)(opaque_tvb, offset, pinfo, tree); } - string_buffer = (char*)g_malloc(string_length_copy + - (string_data ? 1 : 0)); - if (fixed_length) - tvb_memcpy(tvb,string_buffer, offset, string_length_copy); - else - tvb_memcpy(tvb,string_buffer,offset+4,string_length_copy); - if (string_data) - string_buffer[string_length_copy] = '\0'; - + if (string_data) { + string_buffer = tvb_get_string(tvb, data_offset, + string_length_copy); + } else { + string_buffer = tvb_memdup(tvb, data_offset, + string_length_copy); + } /* calculate a nice printable string */ if (string_length) { if (string_length != string_length_copy) { diff --git a/packet-rtcp.c b/packet-rtcp.c index cb56c7afa1..c6b75ed2f2 100644 --- a/packet-rtcp.c +++ b/packet-rtcp.c @@ -1,6 +1,6 @@ /* packet-rtcp.c * - * $Id: packet-rtcp.c,v 1.39 2004/02/14 22:48:52 guy Exp $ + * $Id: packet-rtcp.c,v 1.40 2004/02/25 09:31:06 guy Exp $ * * Routines for RTCP dissection * RTCP = Real-time Transport Control Protocol @@ -369,7 +369,6 @@ dissect_rtcp_bye( tvbuff_t *tvb, int offset, proto_tree *tree, { unsigned int chunk = 1; unsigned int reason_length = 0; - unsigned int counter = 0; char* reason_text = NULL; while ( chunk <= count ) { @@ -385,10 +384,7 @@ dissect_rtcp_bye( tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree_add_item( tree, hf_rtcp_ssrc_length, tvb, offset, 1, FALSE ); offset++; - reason_text = g_malloc( reason_length + 1 ); - for ( counter = 0; counter < reason_length; counter++ ) reason_text[ counter ] = tvb_get_guint8( tvb, offset + counter ); - /* strncpy( reason_text, pd + offset, reason_length ); */ - reason_text[ reason_length ] = '\0'; + reason_text = tvb_get_string(tvb, offset, reason_length); proto_tree_add_string( tree, hf_rtcp_ssrc_text, tvb, offset, reason_length, reason_text ); g_free( reason_text ); offset += reason_length; diff --git a/packet-telnet.c b/packet-telnet.c index 63255a8895..a416c94420 100644 --- a/packet-telnet.c +++ b/packet-telnet.c @@ -2,7 +2,7 @@ * Routines for Telnet packet dissection; see RFC 854 and RFC 855 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-telnet.c,v 1.44 2004/02/03 18:41:19 guy Exp $ + * $Id: packet-telnet.c,v 1.45 2004/02/25 09:31:07 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -707,11 +707,11 @@ unescape_and_tvbuffify_telnet_option(packet_info *pinfo, tvbuff_t *tvb, int offs if(len>=MAX_KRB5_BLOB_LEN) return NULL; + spos=tvb_get_ptr(tvb, offset, len); /* XXX we never g_free() this one. This is done automagically when the parent tvb is destroyed? */ buf=g_malloc(len); - spos=tvb_get_ptr(tvb, offset, len); dpos=buf; skip=0; l=len; diff --git a/packet-vj.c b/packet-vj.c index ccdedea1f9..34e3668601 100644 --- a/packet-vj.c +++ b/packet-vj.c @@ -1,7 +1,7 @@ /* packet-vj.c * Routines for Van Jacobson header decompression. * - * $Id: packet-vj.c,v 1.17 2003/08/26 05:52:53 guy Exp $ + * $Id: packet-vj.c,v 1.18 2004/02/25 09:31:07 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -309,8 +309,7 @@ dissect_vjuc(tvbuff_t *tvb, packet_info *pinfo, proto_tree * tree) * Copy packet data to a buffer, and replace the connection index with * the protocol type (which is always TCP), to give the actual IP header. */ - buffer = g_malloc(isize); - tvb_memcpy(tvb, buffer, 0, isize); + buffer = tvb_memdup(tvb, 0, isize); buffer[IP_FIELD_PROTOCOL] = IP_PROTO_TCP; /* Check IP checksum */ diff --git a/packet-wsp.c b/packet-wsp.c index e47db58263..97093fec12 100644 --- a/packet-wsp.c +++ b/packet-wsp.c @@ -2,7 +2,7 @@ * * Routines to dissect WSP component of WAP traffic. * - * $Id: packet-wsp.c,v 1.108 2004/02/04 20:19:25 obiot Exp $ + * $Id: packet-wsp.c,v 1.109 2004/02/25 09:31:07 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -5645,10 +5645,7 @@ add_post_variable (proto_tree *tree, tvbuff_t *tvb, guint variableStart, guint v char *variableBuffer; char *valueBuffer; - variableBuffer = g_malloc (variableLength+1); - strncpy (variableBuffer, (const char *)tvb_get_ptr (tvb, - variableStart, variableLength), variableLength); - variableBuffer[variableLength] = 0; + variableBuffer = tvb_get_string(tvb, variableStart, variableLength); if (valueEnd < valueStart) { @@ -5659,10 +5656,9 @@ add_post_variable (proto_tree *tree, tvbuff_t *tvb, guint variableStart, guint v else { valueLength = valueEnd-valueStart; - valueBuffer = g_malloc (valueLength+1); - strncpy (valueBuffer, (const char *)tvb_get_ptr (tvb, - valueStart, valueLength), valueLength); - valueBuffer[valueLength] = 0; + /* XXX - if this throws an exception, "variableBuffer" + is leaked */ + valueBuffer = tvb_get_string(tvb, valueStart, valueLength); } /* Check for variables with no value */ diff --git a/packet-x11.c b/packet-x11.c index 2d5a6f372d..003a4e9f92 100644 --- a/packet-x11.c +++ b/packet-x11.c @@ -3,7 +3,7 @@ * Copyright 2000, Christophe Tronche <ch.tronche@computer.org> * Copyright 2003, Michael Shuldman * - * $Id: packet-x11.c,v 1.53 2004/01/18 16:18:30 jmayer Exp $ + * $Id: packet-x11.c,v 1.54 2004/02/25 09:31:07 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1702,13 +1702,15 @@ static void listOfKeycode(tvbuff_t *tvb, int *offsetp, proto_tree *t, int hf, for (m = 0; m < array_length(modifiers); ++m, *offsetp += keycodes_per_modifier) { + const guint8 *p; char *bp = buffer; int i; + p = tvb_get_ptr(tvb, *offsetp, keycodes_per_modifier); modifiermap[m] = g_malloc(keycodes_per_modifier); for(i = 0; i < keycodes_per_modifier; ++i) { - guchar c = tvb_get_guint8(tvb, *offsetp + i); + guchar c = p[i]; if (c) bp += sprintf(bp, " %s=%d", modifiers[m], c); @@ -1717,9 +1719,8 @@ static void listOfKeycode(tvbuff_t *tvb, int *offsetp, proto_tree *t, int hf, } proto_tree_add_bytes_format(tt, hf_x11_keycodes_item, tvb, - *offsetp, keycodes_per_modifier, - tvb_get_ptr(tvb, *offsetp, keycodes_per_modifier), - "item: %s", buffer); + *offsetp, keycodes_per_modifier, p, + "item: %s", buffer); } } @@ -2317,22 +2318,14 @@ static void setOfPointerEvent(tvbuff_t *tvb, int *offsetp, proto_tree *t, static void string8(tvbuff_t *tvb, int *offsetp, proto_tree *t, int hf, unsigned length) { - char *s = g_malloc(length + 1); + const guint8 *p; + char *s; - /* - * In case we throw an exception, clean up whatever stuff we've - * allocated (if any). - */ - CLEANUP_PUSH(g_free, s); - - stringCopy(s, tvb_get_ptr(tvb, *offsetp, length), length); + p = tvb_get_ptr(tvb, *offsetp, length); + s = g_malloc(length + 1); + stringCopy(s, p, length); proto_tree_add_string(t, hf, tvb, *offsetp, length, s); - - /* - * Call the cleanup handler to free the string and pop the handler. - */ - CLEANUP_CALL_AND_POP; - + g_free(s); *offsetp += length; } diff --git a/packet-xdmcp.c b/packet-xdmcp.c index ebc179a33e..28a5655981 100644 --- a/packet-xdmcp.c +++ b/packet-xdmcp.c @@ -2,7 +2,7 @@ * Routines for XDMCP message dissection * Copyright 2002, Pasi Eronen <pasi.eronen@nixu.com> * - * $Id: packet-xdmcp.c,v 1.4 2003/12/21 05:51:34 jmayer Exp $ + * $Id: packet-xdmcp.c,v 1.5 2004/02/25 09:31:07 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -111,12 +111,14 @@ static void stringCopy(char *dest, const char *source, int length) static gint xdmcp_add_string(proto_tree *tree, gint hf, tvbuff_t *tvb, gint offset) { + const guint8 *p; char *str; guint len; len = tvb_get_ntohs(tvb, offset); + p = tvb_get_ptr(tvb, offset+2, len); str = g_malloc(len+1); - stringCopy(str, tvb_get_ptr(tvb, offset+2, len), len); + stringCopy(str, p, len); proto_tree_add_string(tree, hf, tvb, offset, len+2, str); g_free(str); @@ -126,12 +128,14 @@ static gint xdmcp_add_string(proto_tree *tree, gint hf, static gint xdmcp_add_text(proto_tree *tree, const char *text, tvbuff_t *tvb, gint offset) { + const guint8 *p; char *str; guint len; len = tvb_get_ntohs(tvb, offset); + p = tvb_get_ptr(tvb, offset+2, len); str = g_malloc(len+1); - stringCopy(str, tvb_get_ptr(tvb, offset+2, len), len); + stringCopy(str, p, len); proto_tree_add_text(tree, tvb, offset, len+2, "%s: %s", text, str); g_free(str); |