diff options
author | Guy Harris <guy@alum.mit.edu> | 2005-09-13 02:39:37 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2005-09-13 02:39:37 +0000 |
commit | fcc31e309f1c781d87768307aae929e75780d2fe (patch) | |
tree | 20eac0598f5947d33b1576bbc28cdb69c2b1badb /epan | |
parent | 973920e91da3dd479611c3a2e2d0b344bfae5a32 (diff) |
Don't pass an arbitrary string from a packet to a routine expecting a
format string - the arbitrary string might contain "%" characters, so
the routine might then fetch arbitrary junk and try to use it as, for
example, a string pointer.
svn path=/trunk/; revision=15775
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-http.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/epan/dissectors/packet-http.c b/epan/dissectors/packet-http.c index 741ee5ffa7..fc538eff07 100644 --- a/epan/dissectors/packet-http.c +++ b/epan/dissectors/packet-http.c @@ -757,6 +757,7 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo, next_offset - offset)); } expert_add_info_format(pinfo, hdr_item, PI_SEQUENCE, PI_CHAT, + "%s", tvb_format_text(tvb, offset, next_offset - offset)); if (reqresp_dissector) { if (tree) req_tree = proto_item_add_subtree(hdr_item, ett_http_request); |