diff options
author | Evan Huus <eapache@gmail.com> | 2014-02-03 08:39:46 -0500 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2014-02-03 16:18:54 +0000 |
commit | 538525918aa6a2e140acc63dbf14f3ac7797db45 (patch) | |
tree | 832d841c43207589dd8ecd7d08dec50dfef3483c | |
parent | f62450ff9362058adeabb7fafc91ca69f09b1ede (diff) |
Don't pass tvb_get_ptr to proto_tree_add_string
If the string doesn't end with a null-terminator in the given length it causes a
read-overflow. Should fix bug #9717.
Change-Id: I44647ef8ecb856e07d1175777ed603736ec63553
Reviewed-on: https://code.wireshark.org/review/90
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
-rw-r--r-- | plugins/wimaxasncp/packet-wimaxasncp.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/plugins/wimaxasncp/packet-wimaxasncp.c b/plugins/wimaxasncp/packet-wimaxasncp.c index 9f70311e85..daf5b4d3a5 100644 --- a/plugins/wimaxasncp/packet-wimaxasncp.c +++ b/plugins/wimaxasncp/packet-wimaxasncp.c @@ -835,14 +835,11 @@ static void wimaxasncp_dissect_tlv_value( { if (tree) { - const guint8 *p; const gchar *s = tvb_get_string(wmem_packet_scope(), tvb, offset, length); - p = tvb_get_ptr(tvb, offset, length); - proto_tree_add_string_format( tree, tlv_info->hf_value, - tvb, offset, length, p, + tvb, offset, length, s, "Value: %s", s); proto_item_append_text( |