diff options
author | Gerald Combs <gerald@wireshark.org> | 2009-03-31 22:51:59 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2009-03-31 22:51:59 +0000 |
commit | db3e983b04963aeeff4518bfe1f8af1430355164 (patch) | |
tree | 3c9a1a2513fa32cf26ad76fe5c2989c9eaadc720 /wiretap/k12.c | |
parent | b45c3cb272ddb420fa075e5a697b93fedaedc7ee (diff) |
Add a check to make sure we don't try to allocate a huge buffer. If
we get an improper buffer length, throw an error instead of
aborting. Clean up the debugging code.
svn path=/trunk/; revision=27918
Diffstat (limited to 'wiretap/k12.c')
-rw-r--r-- | wiretap/k12.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/wiretap/k12.c b/wiretap/k12.c index 6e83b75733..f9952f778e 100644 --- a/wiretap/k12.c +++ b/wiretap/k12.c @@ -25,7 +25,6 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -/* #define DEBUG_K12 */ #ifdef HAVE_CONFIG_H #include "config.h" #endif @@ -41,12 +40,12 @@ #include <wsutil/str_util.h> -/*#define DEBUG_K12*/ +/* #define DEBUG_K12 */ #ifdef DEBUG_K12 #include <stdio.h> #include <ctype.h> #include <stdarg.h> - +#include <wsutil/file_util.h> FILE* dbg_out = NULL; char* env_file = NULL; @@ -91,7 +90,7 @@ void k12_hexdump(guint level, gint64 offset, char* label, unsigned char* b, unsi if (debug_level < level) return; - fprintf(dbg_out,"%s(%.8llx,%.4x): ",label,offset,len); + fprintf(dbg_out,"%s(%.8" G_GINT64_MODIFIER "x,%.4x): ",label,offset,len); for (i=0 ; i<len ; i++) { @@ -100,7 +99,7 @@ void k12_hexdump(guint level, gint64 offset, char* label, unsigned char* b, unsi else if (!(i%4)) fprintf(dbg_out," "); - fprintf(dbg_out,c2t[b[i]]); + fprintf(dbg_out, "%s", c2t[b[i]]); } fprintf(dbg_out,"\n"); @@ -261,9 +260,14 @@ static gint get_record(guint8** bufferp, FILE* fh, gint64 file_offset) { actual_len = left = pntohl(buffer); junky_offset -= 0x4; - K12_DBG(5,("get_record: GET length=%d",left)); + K12_DBG(5,("get_record: GET length=%u",left)); - g_assert(left >= 4); + /* XXX - Is WTAP_MAX_PACKET_SIZE */ + if (left < 4 || left > WTAP_MAX_PACKET_SIZE) { + K12_DBG(1,("get_record: Invalid GET length=%u",left)); + errno = WTAP_ERR_BAD_RECORD; + return -1; + } while (left > buffer_len) *bufferp = buffer = g_realloc(buffer,buffer_len*=2); |