author | Gerald Combs <gerald@wireshark.org> | 2010-09-14 15:43:19 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2010-09-14 15:43:19 +0000 |
commit | 436ab95472f766bb546c1f3160e9b739c825db09 (patch) | |
tree | 1d43e09b497da227e64578ef499bd4d948a2a636 /epan/dissectors/packet-nfs.c | |
parent | 97d69446eaa19928a3ec4f0a3bdd0566f5b180d1 (diff) | |
download | wireshark-436ab95472f766bb546c1f3160e9b739c825db09.tar.gz |
From Cal Turney via bug 5209:
Decode of SETCLIENTID calls in the Windows x86 version fail with "[Dissector
bug, protocol NFS: STATUS_ACCESS_VIOLATION: dissector accessed an invalid
memory address]". This error occurs in packet-nfs.c in
dissect_nfs_clientaddr4() where vars 'protocol' and 'universal_ip_address' get
stepped on following the call to scanf(). The b1-b10 vars are declared as
guint8. While the "hh" modifier used in the scanf() is documented in Linux to
correspond to a signed/unsigned char arg, I cannot find a similar
designation in Windows (MSDN). The Windows C compiler interprets %hhu as
corresponding to a int16 rather than int8.
svn path=/trunk/; revision=34115
Diffstat (limited to 'epan/dissectors/packet-nfs.c')
-rw-r--r-- | epan/dissectors/packet-nfs.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c
index 1488cf7711..6a7945ece1 100644
--- a/epan/dissectors/packet-nfs.c
+++ b/epan/dissectors/packet-nfs.c
@@ -7908,7 +7908,7 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, int offset, proto_tree *tree)
 {
 char *universal_ip_address = NULL;
 char *protocol = NULL;
- guint8 b1, b2, b3, b4, b5, b6, b7, b8, b9, b10;
+ guint b1, b2, b3, b4, b5, b6, b7, b8, b9, b10;
 guint16 port;
 int addr_offset;
 
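Review bot: Widening b1–b10 to `guint` makes the `%u`/`%x` conversions type-correct, but it also removes the implicit 8-bit truncation, so the sscanf() calls later in this function now accept any unsigned value from the packet-supplied address string. An octet such as 999 is then displayed as part of the callback address, and `port = (b5<<8) | b6` is silently truncated when stored in the `guint16`. I would add a range check after each successful parse, for example `&& b1 <= 255 && b2 <= 255 && b3 <= 255 && b4 <= 255 && b5 <= 255 && b6 <= 255`, and let out-of-range input fall through to the `[Invalid address]` branch. The function body continues outside this hunk.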
@@ -7917,23 +7917,22 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, int offset, proto_tree *tree) offset = dissect_rpc_string(tvb, tree, hf_nfs_r_addr, offset, &universal_ip_address); if(strlen(protocol) == 3 && strncmp(protocol,"tcp",3) == 0) { - if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu.%hhu.%hhu.%hhu.%hhu", + if (universal_ip_address && sscanf(universal_ip_address, "%u.%u.%u.%u.%u.%u", &b1, &b2, &b3, &b4, &b5, &b6) == 6) { /* IPv4: h1.h2.h3.h4.p1.p2 */ port = (b5<<8) | b6; proto_tree_add_text(tree, tvb, addr_offset, offset, "[callback IPv4 address %u.%u.%u.%u, protocol=%s, port=%u]", b1, b2, b3, b4, protocol, port); - } else if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu", + } else if (universal_ip_address && sscanf(universal_ip_address, "%u.%u", &b1, &b2) == 2) { /* Some clients (linux) sometimes send only the port. */ port = (b1<<8) | b2; - proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]", - protocol, - port); - } else if (universal_ip_address && sscanf(universal_ip_address, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx.%hhu.%hhu", - &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) { - + proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, + "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]", protocol, port); + } else if (universal_ip_address && sscanf(universal_ip_address, + "%2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x.%u.%u", + &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) { port = (b9<<8) | b10; proto_tree_add_text(tree, tvb, addr_offset, offset, "[callback IPv6 address %2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x, protocol=%s, port=%u]", @@ -7942,7 +7941,6 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, int offset, proto_tree *tree) proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, "[Invalid address]"); } } - return offset; } |
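Review bot: The IPv4 and IPv6 branches pass `offset` as the length argument of proto_tree_add_text(), while the port-only and invalid-address branches pass `offset-addr_offset`. The absolute offset is not the span of the item, so both calls look like they should read `proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset,`. Separately, `strlen(protocol)` runs without the NULL test that `universal_ip_address` gets. If the earlier dissect_rpc_string() call can leave `protocol` NULL (its assignment is outside this hunk, so this is unconfirmed), the condition should start with `protocol &&`. The function begins above this hunk.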