author | João Valverde <j@v6e.pt> | 2021-10-15 11:02:48 +0100 |
---|---|---|
committer | João Valverde <j@v6e.pt> | 2021-10-15 13:06:51 +0100 |
commit | c484ad0e5c6cadcda02a7079aa53b76be418c391 (patch) | |
tree | 01c0c7c8d7f841091c789388cbb29a28b51347cb /epan/ftypes/ftype-string.c | |
parent | 144dc1e2eefbb3e19b78ccb4a8c2c57bba9c212b (diff) |
dfilter: Don't try to parse byte arrays as strings
It won't work with embedded null bytes so don't try. This is
not an additional restriction, it just removes a hidden failure
mode. To support matching embedded NUL bytes we would have
to use an internal string representation other than
null-terminated C strings (which doesn't seem very onerous with
GString).
Before:
Filter: http.user_agent == 41:42:00:43
Constants:
00000 PUT_FVALUE "AB" <FT_STRING> -> reg#1
Instructions:
00000 READ_TREE http.user_agent -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_EQ reg#0 == reg#1
00003 RETURN
After:
Filter: http.user_agent == 41:42:00:43
Constants:
00000 PUT_FVALUE "41:42:00:43" <FT_STRING> -> reg#1
Instructions:
00000 READ_TREE http.user_agent -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_EQ reg#0 == reg#1
00003 RETURN
Diffstat (limited to 'epan/ftypes/ftype-string.c')
-rw-r--r-- | epan/ftypes/ftype-string.c | 28 |
1 files changed, 5 insertions, 23 deletions
diff --git a/epan/ftypes/ftype-string.c b/epan/ftypes/ftype-string.c
index 28d5636fab..21c76dfa8b 100644
--- a/epan/ftypes/ftype-string.c
+++ b/epan/ftypes/ftype-string.c
@@ -89,29 +89,11 @@ val_from_string(fvalue_t *fv, const char *s, gchar **err_msg _U_)
 static gboolean
 val_from_unparsed(fvalue_t *fv, const char *s, gboolean allow_partial_value _U_, gchar **err_msg)
 {
- fvalue_t *fv_bytes;
-
- /* Does this look like a byte-string? */
- fv_bytes = fvalue_from_unparsed(FT_BYTES, s, TRUE, NULL);
- if (fv_bytes) {
- /* Free up the old value, if we have one */
- string_fvalue_free(fv);
-
- /* Copy the bytes over to a string and terminate it
- * with a NUL. XXX - what if the user embeds a NUL
- * in the middle of the byte string? */
- int num_bytes = fv_bytes->value.bytes->len;
-
- fv->value.string = (gchar *)g_malloc(num_bytes + 1);
- memcpy(fv->value.string, fv_bytes->value.bytes->data, num_bytes);
- fv->value.string[num_bytes] = '\0';
-
- FVALUE_FREE(fv_bytes);
- return TRUE;
- } else {
- /* Just turn it into a string */
- return val_from_string(fv, s, err_msg);
- }
+ /* Just turn it into a string */
+ /* XXX Should probably be a syntax error instead. It's more user-friendly to ask the
+ * user to be explicit about the meaning of unparsed than them trying to figure out
+ * why a valid filter expression is giving wrong results. */
+ return val_from_string(fv, s, err_msg);
 }
 
 static guint |
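Review bot: The new body of val_from_unparsed changes the meaning of filters that used to be accepted, and nothing in the code records it. Judging from the removed branch, an unparsed value in byte notation with no embedded NUL (for example `41:42:43`) was converted to the corresponding string, whereas it is now compared as the literal text, so an existing filter still compiles but no longer matches. Where display filters are used for triage or detection, that is a silent false negative, which strengthens the case for the syntax error the XXX comment proposes. Until then I would extend the comment with `/* NOTE: byte notation such as 41:42:43 is no longer converted to a string; it is matched as literal text. */` and mention the change in the release notes.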