author | Jörg Mayer <jmayer@loplof.de> | 2006-01-20 21:18:18 +0000 |
---|---|---|
committer | Jörg Mayer <jmayer@loplof.de> | 2006-01-20 21:18:18 +0000 |
commit | a052b3a98b5ddb839ad5c7bb22c8ed06cfca3f58 (patch) | |
tree | 016767623fc98e98b07e2c39e6ab1e27f4febf89 /epan | |
parent | 613d04a1ce869e9811eb13f4cf5a1a5b0bb5c632 (diff) |
packet-bgp.c: Fix incorrect use of g_snprintf return value
mp_addr_to_str was unnecessarily 'complex' - simplified it
packet-dns.c: Fix incorrect use of g_snprintf return value
packet-dcm.c: Fix incorrect use of g_snprintf return value
Someone who understands the protocol should look at the
"vr, tr might be used uninitialized..." warning.
packet-x11.c: Fix incorrect use of g_snprintf return value
packet-kerberos.c: Fix incorrect use of g_snprintf return value
Someone should take a look at the
"longjump might clobber ..." messages
packet-diameter.c: Fix incorrect use of g_snprintf return value
Get rid of unsigned < 0 check
packet-pgm.c: Fix incorrect use of g_snprintf return value
packet-nbns.c: Fix incorrect use of g_snprintf return value
packet-winsrepl.c: Collateral damage to packet-nbns.c fix
packet-netbios.c: Collateral damage to packet-nbns.c fix
packet-netbios.h: Collateral damage to packet-nbns.c fix
packet-kerberos.c: Collateral damage to packet-nbns.c fix
packet-nbipx.c: Collateral damage to packet-nbns.c fix
svn path=/trunk/; revision=17065
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-bgp.c | 39 | ||||
-rw-r--r-- | epan/dissectors/packet-dcm.c | 27 | ||||
-rw-r--r-- | epan/dissectors/packet-diameter.c | 14 | ||||
-rw-r--r-- | epan/dissectors/packet-dns.c | 32 | ||||
-rw-r--r-- | epan/dissectors/packet-kerberos.c | 21 | ||||
-rw-r--r-- | epan/dissectors/packet-nbipx.c | 6 | ||||
-rw-r--r-- | epan/dissectors/packet-nbns.c | 37 | ||||
-rw-r--r-- | epan/dissectors/packet-netbios.c | 31 | ||||
-rw-r--r-- | epan/dissectors/packet-netbios.h | 4 | ||||
-rw-r--r-- | epan/dissectors/packet-pgm.c | 45 | ||||
-rw-r--r-- | epan/dissectors/packet-winsrepl.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-x11.c | 34 |
12 files changed, 169 insertions, 123 deletions
diff --git a/epan/dissectors/packet-bgp.c b/epan/dissectors/packet-bgp.c index 0298ce4382..d32baa2fe1 100644 --- a/epan/dissectors/packet-bgp.c +++ b/epan/dissectors/packet-bgp.c @@ -484,19 +484,20 @@ decode_MPLS_stack(tvbuff_t *tvb, gint offset, char *buf, size_t buflen) /* withdrawn routes may contain 0 or 0x800000 in the first label */ if((index-offset)==0&&(label_entry==0||label_entry==0x800000)) { - bufptr+=g_snprintf(bufptr, buflen-(bufptr-buf), "0 (withdrawn)"); + g_snprintf(bufptr, buflen-(bufptr-buf), "0 (withdrawn)"); return (1); } - bufptr+=g_snprintf(bufptr, buflen-(bufptr-buf), "%u%s", - (label_entry >> 4), - ((label_entry & 0x000001) == 0) ? "," : " (bottom)"); + bufptr+=MIN(buflen-(bufptr-buf), + g_snprintf(bufptr, buflen-(bufptr-buf), "%u%s", + (label_entry >> 4), + ((label_entry & 0x000001) == 0) ? "," : " (bottom)")); index += 3 ; if ((label_entry & 0x000001) == 0) { /* real MPLS multi-label stack in BGP? - maybe later; for now, it must be a bogus packet */ - bufptr+=g_snprintf(bufptr, buflen-(bufptr-buf), " (BOGUS: Bottom of Stack NOT set!)"); + g_snprintf(bufptr, buflen-(bufptr-buf), " (BOGUS: Bottom of Stack NOT set!)"); break; } } @@ -515,10 +516,8 @@ mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, guint32 ip4addr,ip4addr2; /* IPv4 address */ guint16 rd_type; /* Route Distinguisher type */ struct e_in6_addr ip6addr; /* IPv6 address */ - char *strptr; buf[0]=0; - strptr=buf; length = 0 ; switch (afi) { @@ -531,7 +530,7 @@ mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, case SAFNUM_TUNNEL: length = 4 ; ip4addr = tvb_get_ipv4(tvb, offset); - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "%s", ip_to_str((guint8 *)&ip4addr)); + g_snprintf(buf, buf_len, "%s", ip_to_str((guint8 *)&ip4addr)); break; case SAFNUM_LAB_VPNUNICAST: case SAFNUM_LAB_VPNMULCAST: 
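Review bot: The clamp `bufptr+=MIN(buflen-(bufptr-buf), g_snprintf(...))` in decode_MPLS_stack passes the formatting call as a macro argument; if MIN is the usual GLib `((a) < (b) ? (a) : (b))`, g_snprintf runs twice whenever the output fits. It also compares a size_t with the signed return value, so a negative return is handled only by wrapping to a large unsigned number. Storing the result first, as optsstr in the packet-pgm.c hunk does with `returned_length`, avoids both: `len = g_snprintf(bufptr, left, "%u%s", ...);` then `bufptr += MIN(len, left);`. The same MIN(..., g_snprintf(...)) form recurs in the packet-dcm.c, packet-diameter.c, packet-dns.c, packet-kerberos.c, packet-nbns.c and packet-x11.c hunks, and the function body continues outside this hunk.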
@@ -541,7 +540,7 @@ mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, case FORMAT_AS2_LOC: length = 8 + sizeof(ip4addr); ip4addr = tvb_get_ipv4(tvb, offset + 8); /* Next Hop */ - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Empty Label Stack RD=%u:%u IPv4=%s", + g_snprintf(buf, buf_len, "Empty Label Stack RD=%u:%u IPv4=%s", tvb_get_ntohs(tvb, offset + 2), tvb_get_ntohl(tvb, offset + 4), ip_to_str((guint8 *)&ip4addr)); @@ -550,20 +549,20 @@ mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, length = 8 + sizeof(ip4addr); ip4addr = tvb_get_ipv4(tvb, offset + 2); /* IP part of the RD */ ip4addr2 = tvb_get_ipv4(tvb, offset + 8); /* Next Hop */ - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Empty Label Stack RD=%s:%u IPv4=%s", + g_snprintf(buf, buf_len, "Empty Label Stack RD=%s:%u IPv4=%s", ip_to_str((guint8 *)&ip4addr), tvb_get_ntohs(tvb, offset + 6), ip_to_str((guint8 *)&ip4addr2)); break ; default: length = 0 ; - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Unknown (0x%04x) labeled VPN IPv4 address format",rd_type); + g_snprintf(buf, buf_len, "Unknown (0x%04x) labeled VPN IPv4 address format",rd_type); break; } break; default: length = 0 ; - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Unknown SAFI (%u) for AFI %u", safi, afi); + g_snprintf(buf, buf_len, "Unknown SAFI (%u) for AFI %u", safi, afi); break; } break; @@ -576,7 +575,7 @@ mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, case SAFNUM_TUNNEL: length = 16 ; tvb_get_ipv6(tvb, offset, &ip6addr); - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "%s", ip6_to_str(&ip6addr)); + g_snprintf(buf, buf_len, "%s", ip6_to_str(&ip6addr)); break; case SAFNUM_LAB_VPNUNICAST: case SAFNUM_LAB_VPNMULCAST: 
@@ -586,7 +585,7 @@ mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, case FORMAT_AS2_LOC: length = 8 + 16; tvb_get_ipv6(tvb, offset + 8, &ip6addr); /* Next Hop */ - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Empty Label Stack RD=%u:%u IPv6=%s", + g_snprintf(buf, buf_len, "Empty Label Stack RD=%u:%u IPv6=%s", tvb_get_ntohs(tvb, offset + 2), tvb_get_ntohl(tvb, offset + 4), ip6_to_str(&ip6addr)); @@ -595,20 +594,20 @@ mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, length = 8 + 16; ip4addr = tvb_get_ipv4(tvb, offset + 2); /* IP part of the RD */ tvb_get_ipv6(tvb, offset + 8, &ip6addr); /* Next Hop */ - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Empty Label Stack RD=%s:%u IPv6=%s", + g_snprintf(buf, buf_len, "Empty Label Stack RD=%s:%u IPv6=%s", ip_to_str((guint8 *)&ip4addr), tvb_get_ntohs(tvb, offset + 6), ip6_to_str(&ip6addr)); break ; default: length = 0 ; - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Unknown (0x%04x) labeled VPN IPv6 address format",rd_type); + g_snprintf(buf, buf_len, "Unknown (0x%04x) labeled VPN IPv6 address format",rd_type); break; } break; default: length = 0 ; - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Unknown SAFI (%u) for AFI %u", safi, afi); + g_snprintf(buf, buf_len, "Unknown SAFI (%u) for AFI %u", safi, afi); break; } break; 
@@ -621,18 +620,18 @@ mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, case SAFNUM_VPLS: length = 4; /* the next-hop is simply an ipv4 addr */ ip4addr = tvb_get_ipv4(tvb, offset + 0); - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "IPv4=%s", + g_snprintf(buf, buf_len, "IPv4=%s", ip_to_str((guint8 *)&ip4addr)); break; default: length = 0 ; - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Unknown SAFI (%u) for AFI %u", safi, afi); + g_snprintf(buf, buf_len, "Unknown SAFI (%u) for AFI %u", safi, afi); break; } break; default: length = 0 ; - strptr += g_snprintf(strptr, buf_len-(strptr-buf), "Unknown AFI (%u) value", afi); + g_snprintf(buf, buf_len, "Unknown AFI (%u) value", afi); break; } return(length) ; diff --git a/epan/dissectors/packet-dcm.c b/epan/dissectors/packet-dcm.c index e9601330fa..2a3845adc3 100644 --- a/epan/dissectors/packet-dcm.c +++ b/epan/dissectors/packet-dcm.c 
@@ -527,55 +527,64 @@ dcm_tag2str(guint16 grp, guint16 elm, guint8 syntax, tvbuff_t *tvb, int offset, DISSECTOR_ASSERT(MAX_BUF_LEN > strlen(dtag->desc)); p=buf; - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), "%s", dtag->desc); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), "%s", dtag->desc)); if (vr > 0) { vval = tvb_format_text(tvb, vr, 2); - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), " [%s]", vval); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), " [%s]", vval)); } switch (tr > 0 ? tr : dtag->dtype) { case DCM_TSTR: default: /* try ascii */ vval = tvb_format_text(tvb, offset, len); - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), " %s", vval); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), " %s", vval)); break; case DCM_TINT2: if (DCM_ILE & syntax) val16 = tvb_get_letohs(tvb, offset); else val16 = tvb_get_ntohs(tvb, offset); - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), " 0x%x (%d)", val16, val16); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), " 0x%x (%d)", val16, val16)); break; case DCM_TINT4: if (DCM_ILE & syntax) val32 = tvb_get_letohl(tvb, offset); else val32 = tvb_get_ntohl(tvb, offset); - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), " 0x%x (%d)", val32, val32); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), " 0x%x (%d)", val32, val32)); break; case DCM_TFLT: { gfloat valf; if (DCM_ILE & syntax) valf = tvb_get_letohieee_float(tvb, offset); else valf = tvb_get_ntohieee_float(tvb, offset); - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), " (%f)", valf); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), " (%f)", valf)); } break; case DCM_TDBL: { gdouble vald; if (DCM_ILE & syntax) vald = tvb_get_letohieee_double(tvb, offset); else vald = tvb_get_ntohieee_double(tvb, offset); - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), " (%f)", vald); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), " (%f)", vald)); } break; case DCM_TSTAT: /* call dcm_rsp2str() on TINT2 */ if (DCM_ILE & 
syntax) val16 = tvb_get_letohs(tvb, offset); else val16 = tvb_get_ntohs(tvb, offset); - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), " 0x%x '%s'", val16, dcm_rsp2str(val16)); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), " 0x%x '%s'", val16, dcm_rsp2str(val16))); break; case DCM_TCMD: /* call dcm_cmd2str() on TINT2 */ if (DCM_ILE & syntax) val16 = tvb_get_letohs(tvb, offset); else val16 = tvb_get_ntohs(tvb, offset); - p+=g_snprintf(p, MAX_BUF_LEN-(p-buf), " 0x%x '%s'", val16, dcm_cmd2str(val16)); + p+=MIN(MAX_BUF_LEN-(p-buf), + g_snprintf(p, MAX_BUF_LEN-(p-buf), " 0x%x '%s'", val16, dcm_cmd2str(val16))); break; case DCM_SQ: /* Sequence */ case DCM_OTH: /* Other BYTE, WORD, ... */ diff --git a/epan/dissectors/packet-diameter.c b/epan/dissectors/packet-diameter.c index f5e0bb3aa5..acdf32a968 100644 --- a/epan/dissectors/packet-diameter.c +++ b/epan/dissectors/packet-diameter.c @@ -664,7 +664,7 @@ dictionaryAddApplication(char *name, guint32 id) { ApplicationId *entry; - if (!name || (id < 0) || (id == 0 && !allow_zero_as_app_id)) { + if (!name || (id == 0 && !allow_zero_as_app_id)) { report_failure( "Diameter Error: Invalid application (name=%p, id=%d)", name, id); return (-1); @@ -1275,9 +1275,11 @@ dissect_diameter_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) bpos = 1 << i; if (flags & bpos) { if (flagstr[0]) { - fslen+=g_snprintf(flagstr+fslen, FLAG_STR_LEN-fslen, ", "); + fslen+=MIN(FLAG_STR_LEN-fslen, + g_snprintf(flagstr+fslen, FLAG_STR_LEN-fslen, ", ")); } - fslen+=g_snprintf(flagstr+fslen, FLAG_STR_LEN-fslen, "%s", fstr[i]); + fslen+=MIN(FLAG_STR_LEN-fslen, + g_snprintf(flagstr+fslen, FLAG_STR_LEN-fslen, "%s", fstr[i])); } } if (flagstr[0] == 0) { 
@@ -1626,9 +1628,11 @@ static void dissect_avps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *avp_tree bpos = 1 << i; if (flags & bpos) { if (flagstr[0]) { - fslen+=g_snprintf(flagstr+fslen, FLAG_STR_LEN-fslen, ", "); + fslen+=MIN(FLAG_STR_LEN-fslen, + g_snprintf(flagstr+fslen, FLAG_STR_LEN-fslen, ", ")); } - fslen+=g_snprintf(flagstr+fslen, FLAG_STR_LEN-fslen, "%s", fstr[i]); + fslen+=MIN(FLAG_STR_LEN-fslen, + g_snprintf(flagstr+fslen, FLAG_STR_LEN-fslen, "%s", fstr[i])); } } if (flagstr[0] == 0) { diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c index 6599650111..59de4a896d 100644 --- a/epan/dissectors/packet-dns.c +++ b/epan/dissectors/packet-dns.c @@ -1185,19 +1185,23 @@ dissect_dns_answer(tvbuff_t *tvb, int offset, int dns_data_offset, for (i = 0; i < 8; i++) { if (bits & mask) { if (strptr!=bitnames) - strptr += g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), ", "); + strptr += MIN(MAX_STR_LEN-(strptr-bitnames), + g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), ", ")); switch (protocol) { case IP_PROTO_TCP: - strptr += g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), get_tcp_port(port_num)); + strptr += MIN(MAX_STR_LEN-(strptr-bitnames), + g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), get_tcp_port(port_num))); break; case IP_PROTO_UDP: - strptr += g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), get_udp_port(port_num)); + strptr += MIN(MAX_STR_LEN-(strptr-bitnames), + g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), get_udp_port(port_num))); break; default: - strptr += g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), "%u", port_num); + strptr += MIN(MAX_STR_LEN-(strptr-bitnames), + g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), "%u", port_num)); break; } } 
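Review bot: `g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), get_tcp_port(port_num))` and its get_udp_port twin in dissect_dns_answer pass a looked-up port name as the format string, so a name containing `%` would be read as conversion specifiers. The names presumably come from local service data rather than from the packet, but the call should still be `g_snprintf(strptr, MAX_STR_LEN-(strptr-bitnames), "%s", get_tcp_port(port_num))`, in the same way the default branch already uses an explicit `"%u"`. The loop sits inside dissect_dns_answer, whose body starts and ends outside this hunk.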
@@ -2337,14 +2341,16 @@ dissect_dns_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, if (check_col(pinfo->cinfo, COL_INFO)) { bufpos=0; - bufpos+=g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, "%s%s", + bufpos+=MIN(MAX_BUF_SIZE-bufpos, + g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, "%s%s", val_to_str(opcode, opcode_vals, "Unknown operation (%u)"), - (flags&F_RESPONSE)?" response":""); + (flags&F_RESPONSE)?" response":"")); if (flags & F_RESPONSE) { if ((flags & F_RCODE) != RCODE_NOERROR) { - bufpos+=g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, ", %s", - val_to_str(flags & F_RCODE, rcode_vals, "Unknown error (%u)")); + bufpos+=MIN(MAX_BUF_SIZE-bufpos, + g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, ", %s", + val_to_str(flags & F_RCODE, rcode_vals, "Unknown error (%u)"))); } } col_add_str(pinfo->cinfo, COL_INFO, buf); @@ -2376,11 +2382,13 @@ dissect_dns_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, offset + DNS_ID, 2, id); bufpos=0; - bufpos+=g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, "%s", - val_to_str(opcode, opcode_vals, "Unknown operation")); + bufpos+=MIN(MAX_BUF_SIZE-bufpos, + g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, "%s", + val_to_str(opcode, opcode_vals, "Unknown operation"))); if (flags & F_RESPONSE) { - bufpos+=g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, " response, %s", - val_to_str(flags & F_RCODE, rcode_vals, "Unknown error")); + bufpos+=MIN(MAX_BUF_SIZE-bufpos, + g_snprintf(buf+bufpos, MAX_BUF_SIZE-bufpos, " response, %s", + val_to_str(flags & F_RCODE, rcode_vals, "Unknown error"))); } tf = proto_tree_add_uint_format(dns_tree, hf_dns_flags, tvb, offset + DNS_FLAGS, 2, diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c index ffc2d75463..09bfa20bed 100644 --- a/epan/dissectors/packet-kerberos.c +++ b/epan/dissectors/packet-kerberos.c 
@@ -389,11 +389,14 @@ read_keytab_file(const char *filename, krb5_context *context) /* generate origin string, describing where this key came from */ pos=new_key->key_origin; - pos+=g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "); + pos+=MIN(KRB_MAX_ORIG_LEN, + g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal ")); for(i=0;i<key.principal->length;i++){ - pos+=g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),(key.principal->data[i]).data); + pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), + g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),(key.principal->data[i]).data)); } - pos+=g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm.data); + pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), + g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm.data)); *pos=0; /*printf("added key for principal :%s\n", new_key->key_origin);*/ new_key->keytype=key.key.enctype; 
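Review bot: `*pos=0;` after the clamped appends in read_keytab_file can now store at `key_origin[KRB_MAX_ORIG_LEN]`, because once an append is truncated the MIN clamp leaves pos exactly KRB_MAX_ORIG_LEN bytes past the start of the buffer. That is in bounds only if key_origin is declared with at least KRB_MAX_ORIG_LEN+1 bytes, which is not visible in this hunk. g_snprintf already terminates what it writes, so the store can be dropped, or guarded with `if (pos < new_key->key_origin + KRB_MAX_ORIG_LEN) *pos = 0;`. The second read_keytab_file hunk (-509) carries the same line.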
@@ -509,11 +512,14 @@ read_keytab_file(const char *filename, krb5_context *context) /* generate origin string, describing where this key came from */ pos=new_key->key_origin; - pos+=g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "); + pos+=MIN(KRB_MAX_ORIG_LEN, + g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal ")); for(i=0;i<key.principal->name.name_string.len;i++){ - pos+=g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i]); + pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), + g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i])); } - pos+=g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm); + pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), + g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm)); *pos=0; new_key->keytype=key.keyblock.keytype; new_key->keylength=key.keyblock.keyvalue.length; @@ -1640,8 +1646,9 @@ static int dissect_krb5_address(packet_info *pinfo, proto_tree *tree, tvbuff_t * { char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1]; int netbios_name_type; + int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1; - netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name); + netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len); g_snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type); it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type)); } diff --git a/epan/dissectors/packet-nbipx.c b/epan/dissectors/packet-nbipx.c index 3717b063f3..85f551077f 100644 --- a/epan/dissectors/packet-nbipx.c +++ b/epan/dissectors/packet-nbipx.c 
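Review bot: `int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;` in dissect_krb5_address repeats the array-size expression by hand, so the bound passed to process_netbios_name can drift from the buffer if either one is edited. `sizeof(netbios_name)` ties the bound to the declaration: `process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, sizeof(netbios_name));`. The callers changed in packet-nbipx.c, packet-netbios.c and packet-winsrepl.c pass the same literal expression for buffers declared outside their hunks. A single named constant, or sizeof where the destination is an array, would make those bounds checkable at a glance.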
@@ -283,7 +283,7 @@ dissect_nbipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) case NBIPX_NAME_IN_USE: case NBIPX_DEREGISTER_NAME: name_type_flag = tvb_get_guint8(tvb, offset); - name_type = get_netbios_name(tvb, offset+2, name); + name_type = get_netbios_name(tvb, offset+2, name, (NETBIOS_NAME_LEN - 1)*4 + 1); if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s<%02x>", val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"), @@ -693,8 +693,8 @@ dissect_nmpi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) */ opcode = tvb_get_guint8(tvb, offset); nmpi_name_type = tvb_get_guint8(tvb, offset+1); - name_type = get_netbios_name(tvb, offset+4, name); - node_name_type = get_netbios_name(tvb, offset+20, node_name); + name_type = get_netbios_name(tvb, offset+4, name, (NETBIOS_NAME_LEN - 1)*4 + 1); + node_name_type = get_netbios_name(tvb, offset+20, node_name, (NETBIOS_NAME_LEN - 1)*4 + 1); if (check_col(pinfo->cinfo, COL_INFO)) { switch (opcode) { diff --git a/epan/dissectors/packet-nbns.c b/epan/dissectors/packet-nbns.c index f482a34c28..1bcc5d6d6a 100644 --- a/epan/dissectors/packet-nbns.c +++ b/epan/dissectors/packet-nbns.c @@ -277,16 +277,16 @@ get_nbns_name(tvbuff_t *tvb, int offset, int nbns_data_offset, int name_len; char *name; char *nbname; - char *pname, *pnbname, cname, cnbname; + char *pname, cname, cnbname; int name_type; char *pname_ret; + size_t index = 0; nbname=ep_alloc(NBNAME_BUF_LEN); name_len = get_dns_name(tvb, offset, nbns_data_offset, &name); /* OK, now undo the first-level encoding. */ pname = &name[0]; - pnbname = &nbname[0]; pname_ret=name_ret; for (;;) { 
@@ -299,7 +299,7 @@ get_nbns_name(tvbuff_t *tvb, int offset, int nbns_data_offset, break; /* scope ID follows */ if (cname < 'A' || cname > 'Z') { /* Not legal. */ - nbname="Illegal NetBIOS name (character not between A and Z in first-level encoding)"; + nbname="Illegal NetBIOS name (1st character not between A and Z in first-level encoding)"; goto bad; } cname -= 'A'; @@ -315,7 +315,7 @@ get_nbns_name(tvbuff_t *tvb, int offset, int nbns_data_offset, } if (cname < 'A' || cname > 'Z') { /* Not legal. */ - nbname="Illegal NetBIOS name (character not between A and Z in first-level encoding)"; + nbname="Illegal NetBIOS name (2nd character not between A and Z in first-level encoding)"; goto bad; } cname -= 'A'; 
@@ -323,32 +323,29 @@ get_nbns_name(tvbuff_t *tvb, int offset, int nbns_data_offset, pname++; /* Do we have room to store the character? */ - if (pnbname < &nbname[NETBIOS_NAME_LEN]) { + if (index < NETBIOS_NAME_LEN) { /* Yes - store the character. */ - *pnbname = cnbname; + nbname[index++] = cnbname; } - - /* We bump the pointer even if it's past the end of the - name, so we keep track of how long the name is. */ - pnbname++; } /* NetBIOS names are supposed to be exactly 16 bytes long. */ - if (pnbname - nbname != NETBIOS_NAME_LEN) { + if (index != NETBIOS_NAME_LEN) { /* It's not. */ - g_snprintf(nbname, NBNAME_BUF_LEN, "Illegal NetBIOS name (%ld bytes long)", - (long)(pnbname - nbname)); + g_snprintf(nbname, NBNAME_BUF_LEN, "Illegal NetBIOS name (%d bytes long)", + index); goto bad; } /* This one is; make its name printable. */ - name_type = process_netbios_name(nbname, name_ret); - pname_ret += strlen(name_ret); - pname_ret += g_snprintf(pname_ret, name_ret_len-(pname_ret-name_ret), "<%02x>", name_type); + name_type = process_netbios_name(nbname, name_ret, name_ret_len); + pname_ret += MIN(strlen(name_ret), name_ret_len); + pname_ret += MIN(name_ret_len-(pname_ret-name_ret), + g_snprintf(pname_ret, name_ret_len-(pname_ret-name_ret), "<%02x>", name_type)); if (cname == '.') { /* We have a scope ID, starting at "pname"; append that to * the decoded host name. */ - pname_ret += g_snprintf(pname_ret, name_ret_len-(pname_ret-name_ret), "%s", pname); + g_snprintf(pname_ret, name_ret_len-(pname_ret-name_ret), "%s", pname); } if (name_type_ret != NULL) *name_type_ret = name_type; 
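Review bot: Over-long names are no longer reported in get_nbns_name, because `index` is incremented only while `index < NETBIOS_NAME_LEN`; it stops at 16 and the `index != NETBIOS_NAME_LEN` test then passes for any name of 16 bytes or more, where the removed code kept counting past the end. Counting every decoded byte while storing only those that fit restores the check: `if (index < NETBIOS_NAME_LEN) nbname[index] = cnbname;` followed by an unconditional `index++;`. The error message also prints the size_t `index` with `%d`; `"%lu"` with `(unsigned long)index` matches the type. The decoding loop starts above this hunk.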
@@ -357,7 +354,9 @@ get_nbns_name(tvbuff_t *tvb, int offset, int nbns_data_offset, bad: if (name_type_ret != NULL) *name_type_ret = -1; - pname_ret += g_snprintf(pname_ret, name_ret_len-(pname_ret-name_ret), "%s", nbname); + /* This is only valid because nbname is always assigned an error string + * before jumping to bad: Otherwise nbname wouldn't be \0 terminated */ + g_snprintf(pname_ret, name_ret_len-(pname_ret-name_ret), "%s", nbname); return name_len; } @@ -740,7 +739,7 @@ dissect_nbns_answer(tvbuff_t *tvb, int offset, int nbns_data_offset, tvb_memcpy(tvb, (guint8 *)nbname, cur_offset, NETBIOS_NAME_LEN); name_type = process_netbios_name(nbname, - name_str); + name_str, name_len); proto_tree_add_text(rr_tree, tvb, cur_offset, NETBIOS_NAME_LEN, "Name: %s<%02x> (%s)", name_str, name_type, diff --git a/epan/dissectors/packet-netbios.c b/epan/dissectors/packet-netbios.c index 8b39fdea70..1595aaca56 100644 --- a/epan/dissectors/packet-netbios.c +++ b/epan/dissectors/packet-netbios.c @@ -281,7 +281,7 @@ void capture_netbios(packet_counts *ld) int -process_netbios_name(const guchar *name_ptr, char *name_ret) +process_netbios_name(const guchar *name_ptr, char *name_ret, int name_ret_len) { int i; int name_type = *(name_ptr + NETBIOS_NAME_LEN - 1); 
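Review bot: `process_netbios_name(nbname, name_str, name_len)` in dissect_nbns_answer uses `name_len` as the capacity of `name_str`, but neither the allocation of `name_str` nor the last assignment to `name_len` is visible in this hunk. If `name_len` holds the length of a decoded name rather than the size of the `name_str` buffer, the new bound does not protect that buffer. Passing the same constant that sizes the `name_str` allocation would remove the doubt.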
@@ -290,15 +290,20 @@ process_netbios_name(const guchar *name_ptr, char *name_ret) for (i = 0; i < NETBIOS_NAME_LEN - 1; i++) { name_char = *name_ptr++; - if (name_char >= ' ' && name_char <= '~') - *name_ret++ = name_char; - else { + if (name_char >= ' ' && name_char <= '~') { + if (--name_ret_len > 0) + *name_ret++ = name_char; + } else { /* It's not printable; show it as <XX>, where XX is the value in hex. */ - *name_ret++ = '<'; - *name_ret++ = hex_digits[(name_char >> 4)]; - *name_ret++ = hex_digits[(name_char & 0x0F)]; - *name_ret++ = '>'; + if (--name_ret_len > 0) + *name_ret++ = '<'; + if (--name_ret_len > 0) + *name_ret++ = hex_digits[(name_char >> 4)]; + if (--name_ret_len > 0) + *name_ret++ = hex_digits[(name_char & 0x0F)]; + if (--name_ret_len > 0) + *name_ret++ = '>'; } } *name_ret = '\0'; @@ -319,12 +324,12 @@ process_netbios_name(const guchar *name_ptr, char *name_ret) } -int get_netbios_name( tvbuff_t *tvb, int offset, char *name_ret) +int get_netbios_name( tvbuff_t *tvb, int offset, char *name_ret, int name_ret_len) {/* Extract the name string and name type. Return the name string in */ /* name_ret and return the name_type. */ - return process_netbios_name( tvb_get_ptr( tvb, offset, NETBIOS_NAME_LEN ), name_ret); + return process_netbios_name( tvb_get_ptr( tvb, offset, NETBIOS_NAME_LEN ), name_ret, name_ret_len); } @@ -349,7 +354,7 @@ void netbios_add_name(const char* label, tvbuff_t *tvb, int offset, const char *name_type_str; /* decode the name field */ - name_type = get_netbios_name( tvb, offset, name_str); + name_type = get_netbios_name( tvb, offset, name_str, (NETBIOS_NAME_LEN - 1)*4 + 1); name_type_str = netbios_name_type_descr(name_type); tf = proto_tree_add_text( tree, tvb, offset, NETBIOS_NAME_LEN, "%s: %s<%02x> (%s)", label, name_str, name_type, name_type_str); 
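Review bot: The per-byte `if (--name_ret_len > 0)` guards in process_netbios_name can cut a `<XX>` escape in the middle, leaving output such as `<4`. The unconditional `*name_ret = '\0';` after the loop also still writes one byte when a caller passes a name_ret_len of 0 or less. Checking once per input byte that the whole item plus the terminator fits, and stopping otherwise, keeps the output well formed; the terminator store should likewise be skipped when no room was given. The function continues after this hunk.

```c
    for (i = 0; i < NETBIOS_NAME_LEN - 1; i++) {
        name_char = *name_ptr++;
        if (name_char >= ' ' && name_char <= '~') {
            if (name_ret_len < 2)
                break;  /* no room for the character plus the terminator */
            *name_ret++ = name_char;
            name_ret_len--;
        } else {
            if (name_ret_len < 5)
                break;  /* no room for "<XX>" plus the terminator */
            *name_ret++ = '<';
            *name_ret++ = hex_digits[(name_char >> 4)];
            *name_ret++ = hex_digits[(name_char & 0x0F)];
            *name_ret++ = '>';
            name_ret_len -= 4;
        }
    }
    if (name_ret_len > 0)
        *name_ret = '\0';
    /* … unchanged: rest of process_netbios_name … */
```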
@@ -1130,7 +1135,7 @@ dissect_netbios(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) command_name = val_to_str(command, cmd_vals, "Unknown (0x%02x)"); switch ( command ) { case NB_NAME_QUERY: - name_type = get_netbios_name( tvb, offset + 12, name); + name_type = get_netbios_name( tvb, offset + 12, name, (NETBIOS_NAME_LEN - 1)*4 + 1); col_add_fstr( pinfo->cinfo, COL_INFO, "%s for %s<%02x>", command_name, name, name_type); break; @@ -1138,7 +1143,7 @@ dissect_netbios(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) case NB_NAME_RESP: case NB_ADD_NAME: case NB_ADD_GROUP: - name_type = get_netbios_name( tvb, offset + 28, name); + name_type = get_netbios_name( tvb, offset + 28, name, (NETBIOS_NAME_LEN - 1)*4 + 1); col_add_fstr( pinfo->cinfo, COL_INFO, "%s - %s<%02x>", command_name, name, name_type); break; diff --git a/epan/dissectors/packet-netbios.h b/epan/dissectors/packet-netbios.h index 67bc8496e7..c8c0194943 100644 --- a/epan/dissectors/packet-netbios.h +++ b/epan/dissectors/packet-netbios.h @@ -34,9 +34,9 @@ void capture_netbios(packet_counts *); -extern int process_netbios_name(const guchar *name_ptr, char *name_ret); +extern int process_netbios_name(const guchar *name_ptr, char *name_ret, int name_ret_len); extern int get_netbios_name(tvbuff_t *tvb, int offset, - char *name_ret); + char *name_ret, int name_ret_len); extern const char *netbios_name_type_descr(int name_type); extern void netbios_add_name( const char* label, tvbuff_t *tvb, int offset, proto_tree *tree); diff --git a/epan/dissectors/packet-pgm.c b/epan/dissectors/packet-pgm.c index 71990b7c8c..c66dbd80af 100644 --- a/epan/dissectors/packet-pgm.c +++ b/epan/dissectors/packet-pgm.c 
@@ -489,27 +489,30 @@ static const char * optsstr(nchar_t opts) { char *msg; - char *p; - - msg=ep_alloc(256); - p=msg; + size_t returned_length, index = 0; + const int MAX_STR_LEN = 256; + msg=ep_alloc(MAX_STR_LEN); if (opts == 0) return(""); if (opts & PGM_OPT){ - p += g_snprintf(p, 256-(p-msg), "Present"); + returned_length = g_snprintf(&msg[index], MAX_STR_LEN-index, "Present"); + index += MIN(returned_length, MAX_STR_LEN-index); } if (opts & PGM_OPT_NETSIG){ - p += g_snprintf(p, 256-(p-msg), "%sNetSig", (p==msg)?"":","); + returned_length = g_snprintf(&msg[index], MAX_STR_LEN-index, "%sNetSig", (!index)?"":","); + index += MIN(returned_length, MAX_STR_LEN-index); } if (opts & PGM_OPT_VAR_PKTLEN){ - p += g_snprintf(p, 256-(p-msg), "%sVarLen", (p==msg)?"":","); + returned_length = g_snprintf(&msg[index], MAX_STR_LEN-index, "%sVarLen", (!index)?"":","); + index += MIN(returned_length, MAX_STR_LEN-index); } if (opts & PGM_OPT_PARITY){ - p += g_snprintf(p, 256-(p-msg), "%sParity", (p==msg)?"":","); + returned_length = g_snprintf(&msg[index], MAX_STR_LEN-index, "%sParity", (!index)?"":","); + index += MIN(returned_length, MAX_STR_LEN-index); } - if (p == msg) { - p += g_snprintf(p, 256-(p-msg), "0x%x", opts); + if (!index) { + g_snprintf(&msg[index], MAX_STR_LEN-index, "0x%x", opts); } return(msg); } 
@@ -517,21 +520,23 @@ static const char * paritystr(nchar_t parity) { char *msg; - char *p; + size_t returned_length, index = 0; + const int MAX_STR_LEN = 256; - msg=ep_alloc(256); - p=msg; + msg=ep_alloc(MAX_STR_LEN); if (parity == 0) return(""); if (parity & PGM_OPT_PARITY_PRM_PRO){ - p += g_snprintf(p, 256-(p-msg), "Pro-active"); + returned_length = g_snprintf(&msg[index], MAX_STR_LEN-index, "Pro-active"); + index += MIN(returned_length, MAX_STR_LEN-index); } if (parity & PGM_OPT_PARITY_PRM_OND){ - p += g_snprintf(p, 256-(p-msg), "%sOn-demand", (p==msg)?"":","); + returned_length = g_snprintf(&msg[index], MAX_STR_LEN-index, "%sOn-demand", (!index)?"":","); + index += MIN(returned_length, MAX_STR_LEN-index); } - if (p == msg) { - g_snprintf(p, 256-(p-msg), "%s0x%x", (p==msg)?"":" ", parity); + if (!index) { + g_snprintf(&msg[index], MAX_STR_LEN-index, "0x%x", parity); } return(msg); } @@ -767,15 +772,15 @@ dissect_pgmopts(tvbuff_t *tvb, int offset, proto_tree *tree, naks = (optdata.len/sizeof(nlong_t)); nakbuf=ep_alloc(8192); nakbuf[0]=0; - soffset=0; ptr = nakbuf; j = 0; /* * Print out 8 per line */ for (i=0; i < naks; i++) { - soffset += g_snprintf(nakbuf+soffset, 8192-soffset, "0x%lx ", - (unsigned long)g_ntohl(naklist[i])); + soffset += MIN(8192-soffset, + g_snprintf(nakbuf+soffset, 8192-soffset, "0x%lx ", + (unsigned long)g_ntohl(naklist[i]))); if ((++j % 8) == 0) { if (firsttime) { proto_tree_add_bytes_format(opt_tree, diff --git a/epan/dissectors/packet-winsrepl.c b/epan/dissectors/packet-winsrepl.c index 0e38f2972f..de57d1f0af 100644 --- a/epan/dissectors/packet-winsrepl.c +++ b/epan/dissectors/packet-winsrepl.c 
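Review bot: The dissect_pgmopts hunk removes `soffset=0;` while the loop still reads soffset in `soffset += MIN(8192-soffset, g_snprintf(nakbuf+soffset, 8192-soffset, ...))`. Unless soffset is initialised at its declaration, which is outside this hunk, the first iteration indexes nakbuf with an indeterminate offset and passes an indeterminate size to g_snprintf. Keeping `soffset=0;` next to `nakbuf[0]=0;` makes the starting offset explicit.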
@@ -429,7 +429,7 @@ dissect_winsrepl_wins_name(tvbuff_t *winsrepl_tvb, packet_info *pinfo, */ name_tvb = tvb_new_subset(winsrepl_tvb, winsrepl_offset, name_len, name_len); netbios_add_name("Name", name_tvb, 0, name_tree); - name_type = get_netbios_name(name_tvb, 0, name_str); + name_type = get_netbios_name(name_tvb, 0, name_str, (NETBIOS_NAME_LEN - 1)*4 + 1); proto_item_append_text(name_item, ": %s<%02x>", name_str, name_type); winsrepl_offset += name_len; diff --git a/epan/dissectors/packet-x11.c b/epan/dissectors/packet-x11.c index a81903ed3d..28af1bbcde 100644 --- a/epan/dissectors/packet-x11.c +++ b/epan/dissectors/packet-x11.c 
@@ -1312,28 +1312,35 @@ static void colorFlags(tvbuff_t *tvb, int *offsetp, proto_tree *t) buffer=ep_alloc(512); - bp = buffer + g_snprintf(buffer, 512, "flags: "); + bp = buffer + MIN(512, g_snprintf(buffer, 512, "flags: ")); if (do_red_green_blue & 0x1) { - bp += g_snprintf(bp, 512-(bp-buffer), "DoRed"); + bp += MIN(512-(bp-buffer), + g_snprintf(bp, 512-(bp-buffer), "DoRed")); sep = TRUE; } if (do_red_green_blue & 0x2) { - if (sep) bp += g_snprintf(bp, 512-(bp-buffer), " | "); - bp += g_snprintf(bp, 512-(bp-buffer), "DoGreen"); + if (sep) bp += MIN(512-(bp-buffer), + g_snprintf(bp, 512-(bp-buffer), " | ")); + bp += MIN(512-(bp-buffer), + g_snprintf(bp, 512-(bp-buffer), "DoGreen")); sep = TRUE; } if (do_red_green_blue & 0x4) { - if (sep) bp += g_snprintf(bp, 512-(bp-buffer), " | "); - bp += g_snprintf(bp, 512-(bp-buffer), "DoBlue"); + if (sep) bp += MIN(512-(bp-buffer), + g_snprintf(bp, 512-(bp-buffer), " | ")); + bp += MIN(512-(bp-buffer), + g_snprintf(bp, 512-(bp-buffer), "DoBlue")); sep = TRUE; } if (do_red_green_blue & 0xf8) { - if (sep) bp += g_snprintf(bp, 512-(bp-buffer), " + "); - g_snprintf(bp, 512-(bp-buffer), "trash"); + if (sep) bp += MIN(512-(bp-buffer), + g_snprintf(bp, 512-(bp-buffer), " + ")); + MIN(512-(bp-buffer), + g_snprintf(bp, 512-(bp-buffer), "trash")); } ti = proto_tree_add_uint_format(t, hf_x11_coloritem_flags, tvb, *offsetp, 1, do_red_green_blue, 
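Review bot: The last statement of colorFlags, `MIN(512-(bp-buffer), g_snprintf(bp, 512-(bp-buffer), "trash"));`, is a MIN expression whose value is discarded, so the wrapper does nothing except possibly evaluate g_snprintf twice and draw an unused-value warning. The removed line was already a plain call and can stay one: `g_snprintf(bp, 512-(bp-buffer), "trash");`. The literal 512 repeated through the function could also be one named size shared with the `ep_alloc(512)` above it.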
@@ -1452,18 +1459,21 @@ static void listOfColorItem(tvbuff_t *tvb, int *offsetp, proto_tree *t, int hf, blue = VALUE16(tvb, *offsetp + 8); do_red_green_blue = VALUE8(tvb, *offsetp + 10); - bp = buffer + g_snprintf(buffer, 1024, "colorItem: "); + bp = buffer + MIN(1024, g_snprintf(buffer, 1024, "colorItem: ")); sep = ""; if (do_red_green_blue & 0x1) { - bp += g_snprintf(bp, 1024-(bp-buffer), "red = %d", red); + bp += MIN(1024-(bp-buffer), + g_snprintf(bp, 1024-(bp-buffer), "red = %d", red)); sep = ", "; } if (do_red_green_blue & 0x2) { - bp += g_snprintf(bp, 1024-(bp-buffer), "%sgreen = %d", sep, green); + bp += MIN(1024-(bp-buffer), + g_snprintf(bp, 1024-(bp-buffer), "%sgreen = %d", sep, green)); sep = ", "; } if (do_red_green_blue & 0x4) - bp += g_snprintf(bp, 1024-(bp-buffer), "%sblue = %d", sep, blue); + bp += MIN(1024-(bp-buffer), + g_snprintf(bp, 1024-(bp-buffer), "%sblue = %d", sep, blue)); tti = proto_tree_add_none_format(tt, hf_x11_coloritem, tvb, *offsetp, 12, "%s", buffer); ttt = proto_item_add_subtree(tti, ett_x11_color_item); |