Type and size cleanups.

Use size_t for sizes. Do checks to make sure we don't overflow ints. Change-Id: Id0846cc5c6348d67a23064517ad1c432cf1cb61a Reviewed-on: https://code.wireshark.org/review/17742 Petri-Dish: Guy Harris <guy@alum.mit.edu> Reviewed-by: Guy Harris <guy@alum.mit.edu>
author: Guy Harris <guy@alum.mit.edu> 2016-09-16 11:40:31 -0700
committer: Guy Harris <guy@alum.mit.edu> 2016-09-16 19:45:13 +0000
commit: 686d72fc7d8a71f63a51f02cee08d269e55cdb81 (patch)
tree: d14d158caaff23267cedbdcab41d1209b1f9ec25 /extcap/androiddump.c
parent: ef527fa9618eeb24824de1be9a84c2126fe46290 (diff)
download: wireshark-686d72fc7d8a71f63a51f02cee08d269e55cdb81.tar.gz
1 files changed, 39 insertions, 8 deletions
diff --git a/extcap/androiddump.c b/extcap/androiddump.c
index 031325294e..7e6bd5f7fe 100644
--- a/extcap/androiddump.c
+++ b/extcap/androiddump.c
@@ -437,8 +437,9 @@ static socket_handle_t adb_connect(const char *server_ip, unsigned short *server
 
 
 static char *adb_send_and_receive(socket_handle_t sock, const char *adb_service,
-        char *buffer, int buffer_length, gssize *data_length) {
-    gssize   used_buffer_length;
+        char *buffer, size_t buffer_length, size_t *data_length) {
+    size_t   used_buffer_length;
+    size_t   bytes_to_read;
     guint32  length;
     gssize   result;
     char     status[4];
@@ -446,6 +447,20 @@ static char *adb_send_and_receive(socket_handle_t sock, const char *adb_service,
     size_t   adb_service_length;
 
     adb_service_length = strlen(adb_service);
+    if (adb_service_length > INT_MAX) {
+        g_warning("Service name too long when sending <%s> to ADB daemon", adb_service);
+        if (data_length)
+            *data_length = 0;
+        return NULL;
+    }
+
+    /* 8 bytes of hex length + terminating NUL */
+    if (buffer_length < 9) {
+        g_warning("Buffer for response too short while sending <%s> to ADB daemon", adb_service);
+        if (data_length)
+            *data_length = 0;
+        return NULL;
+    }
 
     result = send(sock, adb_service, (int) adb_service_length, 0);
     if (result != (gssize) adb_service_length) {
@@ -457,11 +472,15 @@ static char *adb_send_and_receive(socket_handle_t sock, const char *adb_service,
 
     used_buffer_length = 0;
     while (used_buffer_length < 8) {
-        result = recv(sock, buffer + used_buffer_length,  (int)(buffer_length - used_buffer_length), 0);
+        bytes_to_read = buffer_length - used_buffer_length;
+        if (bytes_to_read > INT_MAX)
+            bytes_to_read = INT_MAX;
+        result = recv(sock, buffer + used_buffer_length,  (int)bytes_to_read, 0);
 
         if (result <= 0) {
             g_warning("Broken socket connection while fetching reply status for <%s>", adb_service);
-
+            if (data_length)
+                *data_length = 0;
             return NULL;
         }
 
@@ -473,17 +492,29 @@ static char *adb_send_and_receive(socket_handle_t sock, const char *adb_service,
     buffer[8] = '\0';
     if (!ws_hexstrtou32(buffer + 4, NULL, &length)) {
         g_warning("Invalid reply length <%s> while reading reply for <%s>", buffer + 4, adb_service);
-
+        if (data_length)
+            *data_length = 0;
         return NULL;
     }
     buffer[8] = tmp_buffer;
 
+    if (buffer_length < length + 8) {
+        g_warning("Buffer for response too short while sending <%s> to ADB daemon", adb_service);
+        if (data_length)
+            *data_length = 0;
+        return NULL;
+    }
+
     while (used_buffer_length < length + 8) {
-        result = recv(sock, buffer + used_buffer_length,  (int)(buffer_length - used_buffer_length), 0);
+        bytes_to_read = buffer_length - used_buffer_length;
+        if (bytes_to_read > INT_MAX)
+            bytes_to_read = INT_MAX;
+        result = recv(sock, buffer + used_buffer_length,  (int)bytes_to_read, 0);
 
         if (result <= 0) {
             g_warning("Broken socket connection while reading reply for <%s>", adb_service);
-
+            if (data_length)
+                *data_length = 0;
             return NULL;
         }
 
@@ -635,7 +666,7 @@ static int register_interfaces(extcap_parameters * extcap_conf, const char *adb_
     char                  *response;
     char                  *device_list;
     gssize                 data_length;
-    gssize                 device_length;
+    size_t                 device_length;
     socket_handle_t        sock;
     const char            *adb_transport_serial_templace = "%04x""host:transport:%s";
     const char            *adb_check_port_templace       = "%04x""shell:cat /proc/%s/net/tcp";
author	Guy Harris <guy@alum.mit.edu>	2016-09-16 11:40:31 -0700
committer	Guy Harris <guy@alum.mit.edu>	2016-09-16 19:45:13 +0000
commit	686d72fc7d8a71f63a51f02cee08d269e55cdb81 (patch)
tree	d14d158caaff23267cedbdcab41d1209b1f9ec25 /extcap/androiddump.c
parent	ef527fa9618eeb24824de1be9a84c2126fe46290 (diff)
download	wireshark-686d72fc7d8a71f63a51f02cee08d269e55cdb81.tar.gz