diff options
author | Guy Harris <guy@alum.mit.edu> | 2001-09-25 18:27:35 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2001-09-25 18:27:35 +0000 |
commit | a86490d2a7651930059c4750d735cf76efd969af (patch) | |
tree | 97f866f2c11edf3b58fca06551fb7524efeed2eb /packet-icmpv6.c | |
parent | 12db23546de313dd28f797c080134334bb28ba92 (diff) |
If "snprintf()" can't print all the data because there's not enough
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.
It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does
n += snprintf (buf + n, BUF_LENGTH - n, ...);
may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.
The "capabilitiesStart" variable in "add_capabilities()" in the WSP
dissector is an offset into the PDU data; there's no guarantee that said
offet is < 256, and, even if there were, there's no point in making it
an 8-bit variable.
Add some additional buffer overflow checks to the WSP dissector.
svn path=/trunk/; revision=3953
Diffstat (limited to 'packet-icmpv6.c')
-rw-r--r-- | packet-icmpv6.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/packet-icmpv6.c b/packet-icmpv6.c index b412aa6a7b..5bbc5e2b18 100644 --- a/packet-icmpv6.c +++ b/packet-icmpv6.c @@ -1,7 +1,7 @@ /* packet-icmpv6.c * Routines for ICMPv6 packet disassembly * - * $Id: packet-icmpv6.c,v 1.50 2001/09/05 19:48:53 guy Exp $ + * $Id: packet-icmpv6.c,v 1.51 2001/09/25 18:27:35 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -487,7 +487,7 @@ bitrange0(v, s, buf, buflen) l = snprintf(p, ep - p, ",%d-%d", s + off, s + off + i - 1); } - if (l > ep - p) { + if (l == -1 || l > ep - p) { buf[0] = '\0'; return NULL; } |