From 375ba772741e0b34b7267e8553a8b4a8a9441eec Mon Sep 17 00:00:00 2001 From: Anders Broman Date: Mon, 17 Apr 2006 18:46:14 +0000 Subject: From Martin Mathieson: These patches: - fix the bounds errors reported by coverity in bug 879 - fix a couple of other potential bounds errors (length checking 1st & 2nd lines in file) - reorder catapult_dct2000_phdr so that normal protocol pseudo-header info is at the start. This means that the stub dissector can avoid the nasty (overlapped) memcpy - a little whitespace fixing svn path=/trunk/; revision=17886 --- wiretap/catapult_dct2000.c | 20 ++++++++++++-------- wiretap/wtap.h | 16 ++++++++-------- 2 files changed, 20 insertions(+), 16 deletions(-) (limited to 'wiretap') diff --git a/wiretap/catapult_dct2000.c b/wiretap/catapult_dct2000.c index 3d227ec779..0bb50a3c33 100644 --- a/wiretap/catapult_dct2000.c +++ b/wiretap/catapult_dct2000.c @@ -34,13 +34,13 @@ #include "catapult_dct2000.h" -#define MAX_FIRST_LINE_LENGTH 1024 +#define MAX_FIRST_LINE_LENGTH 200 #define MAX_TIMESTAMP_LINE_LENGTH 100 #define MAX_LINE_LENGTH 32000 +#define MAX_SECONDS_CHARS 16 #define MAX_SUBSECOND_DECIMALS 4 #define MAX_CONTEXT_NAME 64 #define MAX_PROTOCOL_NAME 64 -#define MAX_SECONDS_CHARS 16 #define MAX_PORT_DIGITS 2 #define AAL_HEADER_CHARS 12 @@ -189,7 +189,8 @@ int catapult_dct2000_open(wtap *wth, int *err, gchar **err_info _U_) /* First line needs to contain at least as many characters as magic */ read_new_line(wth->fh, &offset, &firstline_length); - if ((size_t)firstline_length < strlen(catapult_dct2000_magic)) + if (((size_t)firstline_length < strlen(catapult_dct2000_magic)) || + firstline_length >= MAX_FIRST_LINE_LENGTH) { return 0; } 
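Review bot: In the first-line check of catapult_dct2000_open, the new upper bound compares `firstline_length` as a signed value while the lower bound casts it to `size_t`, so a negative length would pass both tests. Whether read_new_line can leave a negative value there is not visible in this hunk. Casting on both sides closes the gap: `(size_t)firstline_length >= MAX_FIRST_LINE_LENGTH`. The same applies to the `secondline_length >= MAX_TIMESTAMP_LINE_LENGTH` test added in the `@@ -215,9 +216,10 @@` hunk. Both checks run only after read_new_line has already stored the line, so they presumably guard later fixed-size copies rather than the read itself; a one-line comment naming the buffer each limit protects would make that clear.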
@@ -215,9 +216,10 @@ int catapult_dct2000_open(wtap *wth, int *err, gchar **err_info _U_) /* Store this offset in in wth->capture->catapult_dct2000 */ read_new_line(wth->fh, &offset, &(file_externals->secondline_length)); - if (!get_file_time_stamp(×tamp, &usecs)) + if ((file_externals->secondline_length >= MAX_TIMESTAMP_LINE_LENGTH) || + (!get_file_time_stamp(×tamp, &usecs))) { - /* Give up if time wasn't valid */ + /* Give up if file time line wasn't valid */ g_free(file_externals); return 0; } @@ -775,10 +777,12 @@ gboolean parse_line(gint length, gint *seconds, gint *useconds, int port_digits = 0; char port_number_string[MAX_PORT_DIGITS+1]; int protocol_chars = 0; - char seconds_buff[MAX_SECONDS_CHARS]; + + char seconds_buff[MAX_SECONDS_CHARS+1]; int seconds_chars; - char subsecond_decimals_buff[MAX_SUBSECOND_DECIMALS]; + char subsecond_decimals_buff[MAX_SUBSECOND_DECIMALS+1]; int subsecond_decimals_chars; + gboolean atm_header_present = FALSE; /* Read context name until find '.' */ @@ -826,7 +830,7 @@ gboolean parse_line(gint length, gint *seconds, gint *useconds, /* Now for the protocol name */ for (protocol_chars = 0; - (linebuff[n] != '/') && (protocol_chars <= MAX_PROTOCOL_NAME) && + (linebuff[n] != '/') && (protocol_chars < MAX_PROTOCOL_NAME) && (n < MAX_LINE_LENGTH); n++, protocol_chars++) { diff --git a/wiretap/wtap.h b/wiretap/wtap.h index b44a0b37d0..5ebf160c26 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -502,14 +502,14 @@ struct k12_phdr { struct wtap; struct catapult_dct2000_phdr { - long seek_off; - struct wtap *wth; - union - { - struct isdn_phdr isdn; - struct atm_phdr atm; - struct p2p_phdr p2p; - } inner_pseudo_header; + union + { + struct isdn_phdr isdn; + struct atm_phdr atm; + struct p2p_phdr p2p; + } inner_pseudo_header; + long seek_off; + struct wtap *wth; }; struct lapd_phdr { -- cgit v1.2.3
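Review bot: The two `+1` enlargements in parse_line's declarations have no comment saying the extra byte is for the terminating NUL. The loops that fill `seconds_buff` and `subsecond_decimals_buff` lie outside this hunk, so it cannot be confirmed here that they stop after MAX_SECONDS_CHARS and MAX_SUBSECOND_DECIMALS characters. I would add `/* +1 for the terminating NUL */` to both declarations and check that each fill loop tests with `<` against its limit before the terminator is written. parse_line starts and ends outside the hunk.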
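Review bot: The protocol-name loop condition still reads `linebuff[n]` before it tests `n < MAX_LINE_LENGTH`, so once `n` reaches the limit the final evaluation indexes one element past it; that is out of bounds if linebuff holds MAX_LINE_LENGTH bytes, which this hunk does not show. Putting the bound checks first avoids the read: `(n < MAX_LINE_LENGTH) && (protocol_chars < MAX_PROTOCOL_NAME) && (linebuff[n] != '/')`. parse_line also receives the actual line `length`, so bounding `n` by that value instead of the buffer capacity would stop the scan at the end of the current line. The loop body and the rest of parse_line are outside the hunk.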
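Review bot: The new member order in `struct catapult_dct2000_phdr` is a layout contract that nothing in the struct records, so a later reordering would silently break it. According to the commit message, the stub dissector relies on `inner_pseudo_header` being at the start of the struct. A comment above the union would state this: `/* Must stay first: the DCT2000 stub dissector treats the start of this struct as the inner protocol's pseudo-header. */`. If the project has a compile-time assertion facility, a check that `offsetof(struct catapult_dct2000_phdr, inner_pseudo_header) == 0` beside the dependent code would enforce it.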