authorPeter Wu <peter@lekensteyn.nl>2017-05-04 18:45:55 +0200
committerAlexis La Goutte <alexis.lagoutte@gmail.com>2017-05-04 18:56:32 +0000
commit508bec78a39f0c7a2a54986b7616e4f615d6f170 (patch)
tree53b0655b6a57b982831a77d75402cf7f3fe3cef8
parent2f35a811a33e21b06adf917051aa9a7a66c95544 (diff)
downloadwireshark-508bec78a39f0c7a2a54986b7616e4f615d6f170.tar.gz
bootp: fix potential buffer overflow (read)
The Vendor class Identifier is a string (used with strncmp). Be sure to obtain a null-terminated string. Bug: 13628 Change-Id: Ic6457da171fbfa1bd18366d965d22e942fb080d6 Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1183 Bug: 13609 Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1153 Reviewed-on: https://code.wireshark.org/review/21498 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
-rw-r--r--epan/dissectors/packet-bootp.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/epan/dissectors/packet-bootp.c b/epan/dissectors/packet-bootp.c
index 6c590a6a6e..8cc49e1333 100644
--- a/epan/dissectors/packet-bootp.c
+++ b/epan/dissectors/packet-bootp.c
@@ -1866,7 +1866,8 @@ bootp_option(tvbuff_t *tvb, packet_info *pinfo, proto_tree *bp_tree, int voff,
case 60:
*vendor_class_id_p =
- tvb_get_ptr(tvb, voff+2, consumed-2);
+ tvb_get_string_enc(wmem_packet_scope(),
+ tvb, voff+2, consumed-2, ENC_ASCII);
break;
case 119:
rfc3396_dns_domain_search_list.total_number_of_block++;
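Review bot: The new assignment in `case 60` changes what `*vendor_class_id_p` points to, from raw packet bytes to a NUL-terminated, packet-scoped copy, but nothing at the assignment records that contract for the code that reads it later. I would add a comment above the call such as `/* NUL-terminated copy, valid for this packet only; consumers compare it with strncmp() */`. Because `ENC_ASCII` decoding may substitute octets that are not valid ASCII, the copy's length is not guaranteed to equal `consumed-2`, so any reader that pairs this pointer with the option length should use `strlen()` on the copy instead; those readers are outside the hunk and should be checked. It is also worth confirming that `consumed` is at least 2 on this path, since the length passed is `consumed-2` and the body of `bootp_option` starts and ends outside the hunk.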