diff options
-rw-r--r-- | wiretap/k12.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/wiretap/k12.c b/wiretap/k12.c index fcf968f81d..955c8387c3 100644 --- a/wiretap/k12.c +++ b/wiretap/k12.c @@ -1043,12 +1043,20 @@ wtap_open_return_val k12_open(wtap *wth, int *err, gchar **err_info) { } } - /* XXX - this is assumed, in a number of places (not just in the - ascii_strdown_inplace() call below) to be null-terminated; - is that guaranteed (even with a corrupt file)? - Obviously not, as a corrupt file could contain anything - here; the Tektronix document says the strings "must end - with \0", but a bad file could fail to add the \0. */ + if (read_buffer[K12_SRCDESC_HWPART + hwpart_len + name_len - 1] != '\0') { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("k12_open: source descriptor record contains non-null-terminated link-layer name"); + destroy_k12_file_data(file_data); + g_free(rec); + return WTAP_OPEN_ERROR; + } + if (read_buffer[K12_SRCDESC_HWPART + hwpart_len + name_len + stack_len - 1] != '\0') { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("k12_open: source descriptor record contains non-null-terminated stack path"); + destroy_k12_file_data(file_data); + g_free(rec); + return WTAP_OPEN_ERROR; + } rec->input_name = (gchar *)g_memdup(read_buffer + K12_SRCDESC_HWPART + hwpart_len, name_len); rec->stack_file = (gchar *)g_memdup(read_buffer + K12_SRCDESC_HWPART + hwpart_len + name_len, stack_len); |