diff options
author | Stig Bjørlykke <stig@bjorlykke.org> | 2008-02-02 17:17:16 +0000 |
---|---|---|
committer | Stig Bjørlykke <stig@bjorlykke.org> | 2008-02-02 17:17:16 +0000 |
commit | f4871e6269b60873a2a82db5f8c88ef8228d9c1b (patch) | |
tree | 6ee344eb22300e4885a8eed1422390e8c5ccc0cc /epan/dissectors/packet-fmp.c | |
parent | dc1f6dc4246c001510c6512503b7714d92f0666e (diff) |
Fixed a possible buffer overflow in dissect_fmp_flushCmd() when cmd has
all bits set.
svn path=/trunk/; revision=24248
Diffstat (limited to 'epan/dissectors/packet-fmp.c')
-rw-r--r-- | epan/dissectors/packet-fmp.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/epan/dissectors/packet-fmp.c b/epan/dissectors/packet-fmp.c index 326035e789..3d72d478f6 100644 --- a/epan/dissectors/packet-fmp.c +++ b/epan/dissectors/packet-fmp.c @@ -463,7 +463,7 @@ dissect_fmp_flushCmd(tvbuff_t *tvb, int offset, proto_tree *tree) /* Initialize the message for an empty string */ msgIndex = msg; - strcpy(msgIndex, "No command specified"); + strncpy(msgIndex, "No command specified", MAX_MSG_SIZE); for (i = 0; cmd != 0 && i < 32; i++) { @@ -472,31 +472,31 @@ dissect_fmp_flushCmd(tvbuff_t *tvb, int offset, proto_tree *tree) if (cmd & bitValue) { switch (bitValue) { case FMP_COMMIT_SPECIFIED: - strcpy(msgIndex, "COMMIT_SPECIFIED"); + strncpy(msgIndex, "COMMIT_SPECIFIED", MAX_MSG_SIZE - strlen(msg)); msgIndex += strlen("COMMIT_SPECIFIED"); break; case FMP_RELEASE_SPECIFIED: - strcpy(msgIndex, "RELEASE_SPECIFIED"); + strncpy(msgIndex, "RELEASE_SPECIFIED", MAX_MSG_SIZE - strlen(msg)); msgIndex += strlen("RELEASE_SPECIFIED"); break; case FMP_RELEASE_ALL: - strcpy(msgIndex, "RELEASE_ALL"); + strncpy(msgIndex, "RELEASE_ALL", MAX_MSG_SIZE - strlen(msg)); msgIndex += strlen("RELEASE_ALL"); break; case FMP_CLOSE_FILE: - strcpy(msgIndex, "CLOSE_FILE"); + strncpy(msgIndex, "CLOSE_FILE", MAX_MSG_SIZE - strlen(msg)); msgIndex += strlen("CLOSE_FILE"); break; case FMP_UPDATE_TIME: - strcpy(msgIndex, "UPDATE_TIME"); + strncpy(msgIndex, "UPDATE_TIME", MAX_MSG_SIZE - strlen(msg)); msgIndex += strlen("UPDATE_TIME"); break; case FMP_ACCESS_TIME: - strcpy(msgIndex, "ACCESS_TIME"); + strncpy(msgIndex, "ACCESS_TIME", MAX_MSG_SIZE - strlen(msg)); msgIndex += strlen("ACCESS_TIME"); break; default: - strcpy(msgIndex, "UNKNOWN"); + strncpy(msgIndex, "UNKNOWN", MAX_MSG_SIZE - strlen(msg)); msgIndex += strlen("UNKNOWN"); break; } @@ -506,11 +506,12 @@ dissect_fmp_flushCmd(tvbuff_t *tvb, int offset, proto_tree *tree) /* add a "bitwise inclusive OR" symbol between cmds */ if (cmd) { - strcpy(msgIndex, " | "); + strncpy(msgIndex, " | ", MAX_MSG_SIZE - strlen(msg)); msgIndex += strlen(" | "); } } } + msg[MAX_MSG_SIZE-1] = '\0'; proto_tree_add_text(tree, tvb, offset, 4, "Cmd: %s", msg); offset += 4; |