diff options
author | Guy Harris <guy@alum.mit.edu> | 2005-12-07 03:03:37 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2005-12-07 03:03:37 +0000 |
commit | 9fea197bf90c55c7816ed82b072d0d2b923581b5 (patch) | |
tree | f92a3ffbc5ee6b187e129e29c4164166fbfe56c1 /epan/dissectors/packet-rtcp.c | |
parent | 3250d41ea6984481a884d7f36faba32003f3f220 (diff) |
Why duplicate the code of "tvb_get_string()" when you could just use
"tvb_get_string()"?
Why even bother with "tvb_get_string()" when you can just use
"proto_tree_add_item()" with a string item?
Make sure that the prefix in a PRIV item isn't bigger than the item
itself. That fixes bug 603.
svn path=/trunk/; revision=16716
Diffstat (limited to 'epan/dissectors/packet-rtcp.c')
-rw-r--r-- | epan/dissectors/packet-rtcp.c | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/epan/dissectors/packet-rtcp.c b/epan/dissectors/packet-rtcp.c index ae66d0f7af..65bfb8572a 100644 --- a/epan/dissectors/packet-rtcp.c +++ b/epan/dissectors/packet-rtcp.c @@ -860,9 +860,7 @@ dissect_rtcp_sdes( tvbuff_t *tvb, int offset, proto_tree *tree, guint32 ssrc; unsigned int item_len = 0; unsigned int sdes_type = 0; - unsigned int counter = 0; unsigned int prefix_len = 0; - char *prefix_string = NULL; while ( chunk <= count ) { /* Create a subtree for this chunk; we don't yet know @@ -905,33 +903,35 @@ dissect_rtcp_sdes( tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree_add_item( sdes_item_tree, hf_rtcp_sdes_length, tvb, offset, 1, FALSE ); offset++; - if ( sdes_type == RTCP_SDES_PRIV ) { - /* PRIV adds two items between the SDES length - * and value - an 8 bit length giving the - * length of a "prefix string", and the string. - */ - prefix_len = tvb_get_guint8( tvb, offset ); - proto_tree_add_item( sdes_item_tree, hf_rtcp_sdes_prefix_len, tvb, offset, 1, FALSE ); - offset++; - - prefix_string = ep_alloc( prefix_len + 1 ); - for ( counter = 0; counter < prefix_len; counter++ ) - prefix_string[ counter ] = - tvb_get_guint8( tvb, offset + counter ); - /* strncpy( prefix_string, pd + offset, prefix_len ); */ - prefix_string[ prefix_len ] = '\0'; - proto_tree_add_string( sdes_item_tree, hf_rtcp_sdes_prefix_string, tvb, offset, prefix_len, prefix_string ); - offset += prefix_len; - item_len -= prefix_len +1; - } - prefix_string = ep_alloc( item_len + 1 ); - for ( counter = 0; counter < item_len; counter++ ) - prefix_string[ counter ] = - tvb_get_guint8( tvb, offset + counter ); - /* strncpy( prefix_string, pd + offset, item_len ); */ - prefix_string[ item_len] = 0; - proto_tree_add_string( sdes_item_tree, hf_rtcp_sdes_text, tvb, offset, item_len, prefix_string ); - offset += item_len; + if ( item_len != 0 ) { + if ( sdes_type == RTCP_SDES_PRIV ) { + /* PRIV adds two items between the + * SDES length and value - an 8 bit + * length giving the length of a + * "prefix string", and the string. + */ + prefix_len = tvb_get_guint8( tvb, offset ); + if ( prefix_len + 1 > item_len ) { + proto_tree_add_uint_format( sdes_item_tree, + hf_rtcp_sdes_prefix_len, tvb, + offset, 1, prefix_len, + "Prefix length: %u (bogus, must be <= %u)", + prefix_len, item_len - 1); + offset += item_len; + continue; + } + proto_tree_add_item( sdes_item_tree, hf_rtcp_sdes_prefix_len, tvb, offset, 1, FALSE ); + offset++; + + proto_tree_add_item( sdes_item_tree, hf_rtcp_sdes_prefix_string, tvb, offset, prefix_len, FALSE ); + offset += prefix_len; + item_len -= prefix_len +1; + if ( item_len == 0 ) + continue; + } + proto_tree_add_item( sdes_item_tree, hf_rtcp_sdes_text, tvb, offset, item_len, FALSE ); + offset += item_len; + } } /* Set the length of the items subtree. */ |