From a86490d2a7651930059c4750d735cf76efd969af Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Tue, 25 Sep 2001 18:27:35 +0000 Subject: If "snprintf()" can't print all the data because there's not enough room, it might return -1 in some versions of glibc; check for that, and quit if that happens. It might also return the number of characters that would've been printed had there been enough room; this means that a loop that does n += snprintf (buf + n, BUF_LENGTH - n, ...); may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not sanely handle being passed a negative length, so if "n" isn't less than the total length of the string buffer, don't add stuff to it. The "capabilitiesStart" variable in "add_capabilities()" in the WSP dissector is an offset into the PDU data; there's no guarantee that said offset is < 256, and, even if there were, there's no point in making it an 8-bit variable. Add some additional buffer overflow checks to the WSP dissector. svn path=/trunk/; revision=3953 --- packet-icmpv6.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'packet-icmpv6.c') diff --git a/packet-icmpv6.c b/packet-icmpv6.c index b412aa6a7b..5bbc5e2b18 100644 --- a/packet-icmpv6.c +++ b/packet-icmpv6.c @@ -1,7 +1,7 @@ /* packet-icmpv6.c * Routines for ICMPv6 packet disassembly * - * $Id: packet-icmpv6.c,v 1.50 2001/09/05 19:48:53 guy Exp $ + * $Id: packet-icmpv6.c,v 1.51 2001/09/25 18:27:35 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -487,7 +487,7 @@ bitrange0(v, s, buf, buflen) l = snprintf(p, ep - p, ",%d-%d", s + off, s + off + i - 1); } - if (l > ep - p) { + if (l == -1 || l > ep - p) { buf[0] = '\0'; return NULL; } -- cgit v1.2.3
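Review bot: In the bitrange0() hunk, the new test `l == -1 || l > ep - p` still lets one truncation case through. When snprintf() returns exactly `ep - p` under the "number of characters that would have been printed" behaviour the commit message describes, the output needed that many characters plus the terminating NUL, so the last character was dropped and the check does not notice. Suggest `if (l < 0 || l >= ep - p)`, which catches that boundary case and also treats any negative return as an error rather than only -1.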