Rewrote some prohibited APIs in epan/dissectors/ (sprintf, strcpy, strcat).

If we get some truncated strings we probably overwrote some buffers...

svn path=/trunk/; revision=24249

1 files changed, 21 insertions, 18 deletions

diff --git a/epan/dissectors/packet-nbns.c b/epan/dissectors/packet-nbns.c
index 791874b020..1895f431bd 100644
--- a/epan/dissectors/packet-nbns.c
+++ b/epan/dissectors/packet-nbns.c
@@ -465,11 +465,11 @@ nbns_add_nbns_flags(column_info *cinfo, proto_tree *nbns_tree, tvbuff_t *tvb, in
 	opcode = (guint16) ((flags & F_OPCODE) >> OPCODE_SHIFT);
 	g_snprintf(buf, MAX_BUF_SIZE, "%s", val_to_str(opcode, opcode_vals, "Unknown operation"));
 	if (flags & F_RESPONSE && !is_wack) {
-		strcat(buf, " response");
-		strcat(buf, ", ");
-		strcat(buf, val_to_str(flags & F_RCODE, rcode_vals,
-		    "Unknown error"));
-
+		strncat(buf, " response", MAX_BUF_SIZE - strlen(buf));
+		strncat(buf, ", ", MAX_BUF_SIZE - strlen(buf));
+		strncat(buf, val_to_str(flags & F_RCODE, rcode_vals,
+		    "Unknown error"), MAX_BUF_SIZE - strlen(buf));
+		buf[MAX_BUF_SIZE-1] = '\0';
 		if ((flags & F_RCODE) && check_col(cinfo, COL_INFO))
 			col_append_fstr(cinfo, COL_INFO, ", %s",
 					val_to_str(flags & F_RCODE, rcode_vals,
@@ -519,11 +519,12 @@ nbns_add_nb_flags(proto_tree *rr_tree, tvbuff_t *tvb, int offset, gushort flags)
 	buf=ep_alloc(MAX_BUF_SIZE);
 	g_snprintf(buf, MAX_BUF_SIZE, "%s", val_to_str(flags & NB_FLAGS_ONT, nb_flags_ont_vals,
 	    "Unknown"));
-	strcat(buf, ", ");
+	strncat(buf, ", ", MAX_BUF_SIZE - strlen(buf));
 	if (flags & NB_FLAGS_G)
-		strcat(buf, "group");
+		strncat(buf, "group", MAX_BUF_SIZE - strlen(buf));
 	else
-		strcat(buf, "unique");
+		strncat(buf, "unique", MAX_BUF_SIZE - strlen(buf));
+	buf[MAX_BUF_SIZE-1] = '\0';
 	tf = proto_tree_add_text(rr_tree, tvb, offset, 2, "Flags: 0x%x (%s)", flags,
 			buf);
 	field_tree = proto_item_add_subtree(tf, ett_nbns_nb_flags);
@@ -554,19 +555,20 @@ nbns_add_name_flags(proto_tree *rr_tree, tvbuff_t *tvb, int offset,
 	buf=ep_alloc(MAX_BUF_SIZE);
 	g_snprintf(buf, MAX_BUF_SIZE, "%s", val_to_str(flags & NAME_FLAGS_ONT, name_flags_ont_vals,
 	    "Unknown"));
-	strcat(buf, ", ");
+	strncat(buf, ", ", MAX_BUF_SIZE - strlen(buf));
 	if (flags & NAME_FLAGS_G)
-		strcat(buf, "group");
+		strncat(buf, "group", MAX_BUF_SIZE - strlen(buf));
 	else
-		strcat(buf, "unique");
+		strncat(buf, "unique", MAX_BUF_SIZE - strlen(buf));
 	if (flags & NAME_FLAGS_DRG)
-		strcat(buf, ", being deregistered");
+		strncat(buf, ", being deregistered", MAX_BUF_SIZE - strlen(buf));
 	if (flags & NAME_FLAGS_CNF)
-		strcat(buf, ", in conflict");
+		strncat(buf, ", in conflict", MAX_BUF_SIZE - strlen(buf));
 	if (flags & NAME_FLAGS_ACT)
-		strcat(buf, ", active");
+		strncat(buf, ", active", MAX_BUF_SIZE - strlen(buf));
 	if (flags & NAME_FLAGS_PRM)
-		strcat(buf, ", permanent node name");
+		strncat(buf, ", permanent node name", MAX_BUF_SIZE - strlen(buf));
+	buf[MAX_BUF_SIZE-1] = '\0';
 	tf = proto_tree_add_text(rr_tree, tvb, offset, 2, "Name flags: 0x%x (%s)",
 			flags, buf);
 	field_tree = proto_item_add_subtree(tf, ett_nbns_name_flags);
@@ -664,9 +666,10 @@ dissect_nbns_answer(tvbuff_t *tvb, int offset, int nbns_data_offset,
 		    (data_offset - data_start) + data_len,
 		    "%s: type %s, class %s",
 		    name, type_name, class_name);
-		strcat(name, " (");
-		strcat(name, netbios_name_type_descr(name_type));
-		strcat(name, ")");
+		strncat(name, " (", MAX_NAME_LEN - strlen(name));
+		strncat(name, netbios_name_type_descr(name_type), MAX_NAME_LEN - strlen(name));
+		strncat(name, ")", MAX_NAME_LEN - strlen(name));
+		name[MAX_NAME_LEN-1] = '\0';
 		rr_tree = add_rr_to_tree(trr, ett_nbns_rr, tvb, offset, name,
 		    name_len, type_name, dns_class_name(class), ttl, data_len);
 		while (data_len > 0) {