diff options
| author | Gerald Combs <gerald@wireshark.org> | 2005-06-20 19:35:58 +0000 |
|---|---|---|
| committer | Gerald Combs <gerald@wireshark.org> | 2005-06-20 19:35:58 +0000 |
| commit | 3a6c9ab13448b557586a427bd025bc1ff99ac4cc (patch) | |
| tree | 0bc3f2c2b25520d8672dc5a055f3181818019400 /epan | |
| parent | c3cfe365cfdecc58122b8042797d58004e2297f3 (diff) | |
Fix a format string vulneratility in the AFP dissector identified
by iDEFENSE. Add constant format strings to proto_item_append_text()
in a bunch of other dissectors. Copy a comment from proto.c to proto.h.
svn path=/trunk/; revision=14713
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-afp.c | 4 | ||||
| -rw-r--r-- | epan/dissectors/packet-ansi_637.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-ansi_a.c | 14 | ||||
| -rw-r--r-- | epan/dissectors/packet-ansi_map.c | 4 | ||||
| -rw-r--r-- | epan/dissectors/packet-dcerpc-spoolss.c | 4 | ||||
| -rw-r--r-- | epan/dissectors/packet-gsm_a.c | 10 | ||||
| -rw-r--r-- | epan/dissectors/packet-iapp.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-ncp2222.inc | 6 | ||||
| -rw-r--r-- | epan/dissectors/packet-per.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-rsvp.c | 4 | ||||
| -rw-r--r-- | epan/dissectors/packet-slowprotocols.c | 2 | ||||
| -rw-r--r-- | epan/proto.h | 14 |
12 files changed, 40 insertions, 28 deletions
diff --git a/epan/dissectors/packet-afp.c b/epan/dissectors/packet-afp.c index bfafc15c81..2344de22da 100644 --- a/epan/dissectors/packet-afp.c +++ b/epan/dissectors/packet-afp.c @@ -1723,7 +1723,7 @@ get_name(tvbuff_t *tvb, int offset, int type) string = tvb_format_text(tvb,offset, len); break; default: - string = "unknow type"; + string = "Unknown type"; break; } return string; @@ -1902,7 +1902,7 @@ dissect_reply_afp_get_server_param(tvbuff_t *tvb, packet_info *pinfo _U_, proto_ len = tvb_get_guint8(tvb, offset) +1; rep = get_name(tvb, offset, 2); - proto_item_set_text(item, rep); + proto_item_set_text(item, "%s", rep); proto_item_set_len(item, len +1); proto_tree_add_item(tree, hf_afp_vol_name, tvb, offset, 1,FALSE); diff --git a/epan/dissectors/packet-ansi_637.c b/epan/dissectors/packet-ansi_637.c index 8285ed698f..f741e63e74 100644 --- a/epan/dissectors/packet-ansi_637.c +++ b/epan/dissectors/packet-ansi_637.c @@ -1716,7 +1716,7 @@ dissect_ansi_637_trans_param(tvbuff_t *tvb, proto_tree *tree, guint32 *offset) if (ansi_637_add_string[0] != '\0') { - proto_item_append_text(item, ansi_637_add_string); + proto_item_append_text(item, "%s", ansi_637_add_string); } } diff --git a/epan/dissectors/packet-ansi_a.c b/epan/dissectors/packet-ansi_a.c index 9e7c365bb3..f66613a814 100644 --- a/epan/dissectors/packet-ansi_a.c +++ b/epan/dissectors/packet-ansi_a.c @@ -1992,7 +1992,7 @@ elem_cell_id_list(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gc if (add_string[0] != '\0') { - proto_item_append_text(item, add_string); + proto_item_append_text(item, "%s", add_string); } proto_item_set_len(item, consumed); @@ -2189,7 +2189,7 @@ elem_downlink_re(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gch if (add_string[0] != '\0') { - proto_item_append_text(item, add_string); + proto_item_append_text(item, "%s", add_string); } proto_item_set_len(item, consumed); @@ -2337,7 +2337,7 @@ elem_ho_pow_lev(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gcha if (add_string[0] != '\0') { - proto_item_append_text(item, add_string); + proto_item_append_text(item, "%s", add_string); } proto_item_set_len(item, consumed); @@ -2380,7 +2380,7 @@ elem_ho_pow_lev(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gcha if (add_string[0] != '\0') { - proto_item_append_text(item, add_string); + proto_item_append_text(item, "%s", add_string); } proto_item_set_len(item, consumed); @@ -6055,7 +6055,7 @@ elem_tlv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, guint if (a_add_string[0] != '\0') { - proto_item_append_text(item, a_add_string); + proto_item_append_text(item, "%s", a_add_string); a_add_string[0] = '\0'; } } @@ -6117,7 +6117,7 @@ elem_tv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, gchar * if (a_add_string[0] != '\0') { - proto_item_append_text(item, a_add_string); + proto_item_append_text(item, "%s", a_add_string); a_add_string[0] = '\0'; } } @@ -6210,7 +6210,7 @@ elem_lv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, guint l if (a_add_string[0] != '\0') { - proto_item_append_text(item, a_add_string); + proto_item_append_text(item, "%s", a_add_string); a_add_string[0] = '\0'; } } diff --git a/epan/dissectors/packet-ansi_map.c b/epan/dissectors/packet-ansi_map.c index 13e14f431e..bf4710db16 100644 --- a/epan/dissectors/packet-ansi_map.c +++ b/epan/dissectors/packet-ansi_map.c @@ -12811,7 +12811,7 @@ dissect_ansi_param(ASN1_SCK *asn1, proto_tree *tree) if (ansi_map_add_string[0] != '\0') { - proto_item_append_text(item, ansi_map_add_string); + proto_item_append_text(item, "%s", ansi_map_add_string); ansi_map_add_string[0] = '\0'; } } @@ -12869,7 +12869,7 @@ dissect_ansi_params(ASN1_SCK *asn1, proto_tree *tree) if (ansi_map_add_string[0] != '\0') { - proto_item_append_text(item, ansi_map_add_string); + proto_item_append_text(item, "%s", ansi_map_add_string); ansi_map_add_string[0] = '\0'; } } diff --git a/epan/dissectors/packet-dcerpc-spoolss.c b/epan/dissectors/packet-dcerpc-spoolss.c index a50ded5bb6..764de68e2a 100644 --- a/epan/dissectors/packet-dcerpc-spoolss.c +++ b/epan/dissectors/packet-dcerpc-spoolss.c @@ -1704,7 +1704,7 @@ dissect_spoolss_relstrarray(tvbuff_t *tvb, int offset, packet_info *pinfo, relstr_len = relstr_end - relstr_start; - proto_item_append_text(item, text); + proto_item_append_text(item, "%s", text); if (data) *data = text; @@ -6325,7 +6325,7 @@ dissect_spoolss_printer_enum_values(tvbuff_t *tvb, int offset, subtree = proto_item_add_subtree(item, ett_printer_enumdataex_value); - proto_item_append_text(item, name); + proto_item_append_text(item, "%s", name); proto_tree_add_text( subtree, tvb, offset - 8, 4, "Name offset: %d", name_offset); diff --git a/epan/dissectors/packet-gsm_a.c b/epan/dissectors/packet-gsm_a.c index 8a28eb37e4..f98e9240fb 100644 --- a/epan/dissectors/packet-gsm_a.c +++ b/epan/dissectors/packet-gsm_a.c @@ -2208,7 +2208,7 @@ be_cell_id_list(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, gcha if (add_string[0] != '\0') { - proto_item_append_text(item, add_string); + proto_item_append_text(item, "%s", add_string); } proto_item_set_len(item, consumed); @@ -11356,7 +11356,7 @@ elem_tlv(tvbuff_t *tvb, proto_tree *tree, guint8 iei, gint pdu_type, int idx, gu if (a_add_string[0] != '\0') { - proto_item_append_text(item, a_add_string); + proto_item_append_text(item, "%s", a_add_string); a_add_string[0] = '\0'; } } @@ -11425,7 +11425,7 @@ elem_tv(tvbuff_t *tvb, proto_tree *tree, guint8 iei, gint pdu_type, int idx, gui if (a_add_string[0] != '\0') { - proto_item_append_text(item, a_add_string); + proto_item_append_text(item, "%s", a_add_string); a_add_string[0] = '\0'; } } @@ -11498,7 +11498,7 @@ elem_tv_short(tvbuff_t *tvb, proto_tree *tree, guint8 iei, gint pdu_type, int id if (a_add_string[0] != '\0') { - proto_item_append_text(item, a_add_string); + proto_item_append_text(item, "%s", a_add_string); a_add_string[0] = '\0'; } } @@ -11598,7 +11598,7 @@ elem_lv(tvbuff_t *tvb, proto_tree *tree, gint pdu_type, int idx, guint32 offset, if (a_add_string[0] != '\0') { - proto_item_append_text(item, a_add_string); + proto_item_append_text(item, "%s", a_add_string); a_add_string[0] = '\0'; } } diff --git a/epan/dissectors/packet-iapp.c b/epan/dissectors/packet-iapp.c index 97325c885b..dcf03d9333 100644 --- a/epan/dissectors/packet-iapp.c +++ b/epan/dissectors/packet-iapp.c @@ -320,7 +320,7 @@ append_pduval_str(proto_item *ti, int type, int len, tvbuff_t *tvb, int offset, { if (!first) proto_item_append_text(ti, " "); - proto_item_append_text(ti, strval); + proto_item_append_text(ti, "%s", strval); } } proto_item_append_text(ti, ")"); diff --git a/epan/dissectors/packet-ncp2222.inc b/epan/dissectors/packet-ncp2222.inc index 5bf24b2b4d..9f462241c9 100644 --- a/epan/dissectors/packet-ncp2222.inc +++ b/epan/dissectors/packet-ncp2222.inc @@ -1142,7 +1142,7 @@ padd_date(ptvcursor_t *ptvc, const ptvc_record *rec) uint_to_nwdate(get_item_value(item), &nw_date); - proto_item_set_text(item, get_item_name(item)); + proto_item_set_text(item, "%s", get_item_name(item)); proto_item_append_text(item, ": %04u/%02u/%02u", nw_date.year, nw_date.month, nw_date.day); return item; @@ -1162,7 +1162,7 @@ padd_time(ptvcursor_t *ptvc, const ptvc_record *rec) uint_to_nwtime(get_item_value(item), &nw_time); - proto_item_set_text(item, get_item_name(item)); + proto_item_set_text(item, "%s", get_item_name(item)); proto_item_append_text(item, ": %02u:%02u:%02u", nw_time.hour, nw_time.minute, nw_time.second); return item; @@ -1185,7 +1185,7 @@ padd_uni(ptvcursor_t *ptvc, const ptvc_record *rec) item = ptvcursor_add(ptvc, *rec->hf_ptr, rec->length, rec->endianness); - proto_item_set_text(item, get_item_name(item)); + proto_item_set_text(item, "%s", get_item_name(item)); proto_item_append_text(item, " %s", nw_uni.buffer); diff --git a/epan/dissectors/packet-per.c b/epan/dissectors/packet-per.c index 5adaff5d6d..c5ce0c34e9 100644 --- a/epan/dissectors/packet-per.c +++ b/epan/dissectors/packet-per.c @@ -1036,7 +1036,7 @@ DEBUG_ENTRY("dissect_per_choice"); } else { guint32 new_offset; - proto_item_set_text(choiceitem, choice[index].name); + proto_item_set_text(choiceitem, "%s", choice[index].name); new_offset=choice[index].func(tvb, offset, pinfo, choicetree); if((new_offset>(offset+(length*8)))||((new_offset+8)<(offset+length*8))){ diff --git a/epan/dissectors/packet-rsvp.c b/epan/dissectors/packet-rsvp.c index 1553215e9c..9b45366104 100644 --- a/epan/dissectors/packet-rsvp.c +++ b/epan/dissectors/packet-rsvp.c @@ -1237,7 +1237,7 @@ dissect_rsvp_session (proto_tree *ti, tvbuff_t *tvb, proto_tree_add_text(rsvp_object_tree, tvb, offset+2, 1, "Class number: %u - %s", class, type_str); - proto_item_set_text(ti, summary_session(tvb, offset)); + proto_item_set_text(ti, "%s", summary_session(tvb, offset)); switch(type) { case RSVP_SESSION_TYPE_IPV4: @@ -1866,7 +1866,7 @@ dissect_rsvp_template_filter (proto_tree *ti, tvbuff_t *tvb, break; } - proto_item_set_text(ti, summary_template(tvb, offset)); + proto_item_set_text(ti, "%s", summary_template(tvb, offset)); switch(type) { case 1: proto_tree_add_text(rsvp_object_tree, tvb, offset+3, 1, diff --git a/epan/dissectors/packet-slowprotocols.c b/epan/dissectors/packet-slowprotocols.c index ba3ca3f131..f81b1da499 100644 --- a/epan/dissectors/packet-slowprotocols.c +++ b/epan/dissectors/packet-slowprotocols.c @@ -841,7 +841,7 @@ static const char cont_sep[] = ", "; if(item){ \ string = get_manuf_name(mac); \ proto_item_append_text(item, " ("); \ - proto_item_append_text(item, string); \ + proto_item_append_text(item, "%s", string); \ proto_item_append_text(item, ")"); \ } diff --git a/epan/proto.h b/epan/proto.h index 0744be19f9..32761ea20a 100644 --- a/epan/proto.h +++ b/epan/proto.h @@ -907,7 +907,19 @@ proto_tree_add_debug_text(proto_tree *tree, const char *format, -/** Append a string to a protocol item. +/** Append a string to a protocol item.<br> + NOTE: this function will break with the TRY_TO_FAKE_THIS_ITEM() + speed optimization. + Currently only WSP use this function so it is not that bad but try to + avoid using this one if possible. + IF you must use this function you MUST also disable the + TRY_TO_FAKE_THIS_ITEM() optimization for your dissector/function + using proto_item_append_string(). + Do that by faking that the tree is visible by setting : + PTREE_DATA(tree)->visible=1; (see packet-wsp.c) + BEFORE you create the item you are later going to use + proto_item_append_string() on. + @param pi the item to append the string to @param str the string to append */ extern void |