author | Michael Mann <mmann78@netscape.net> | 2016-07-16 11:54:38 -0400 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2016-07-17 13:10:23 +0000 |
commit | 25dfe445a109bbeaf38e6394f81a3bc2880850a3 (patch) | |
tree | 53bac5adeea37f449dff3454d41f79087ce393d9 /extcap/ciscodump.c | |
parent | 6e7b1b8a9cc701f55feb1a0d4e9f756be499b3a3 (diff) | |
download | wireshark-25dfe445a109bbeaf38e6394f81a3bc2880850a3.tar.gz |
ciscodump.c - Address VS Code Analysis warnings.
1. Check sscanf return value
2. Take large "packet" byte array off of stack and onto heap.
Change-Id: I8ade76359f1b0739ec31d7f3b688d212f21357ba
Reviewed-on: https://code.wireshark.org/review/16498
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'extcap/ciscodump.c')
-rw-r--r-- | extcap/ciscodump.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/extcap/ciscodump.c b/extcap/ciscodump.c
index a519e0912b..01e4916f6d 100644
--- a/extcap/ciscodump.c
+++ b/extcap/ciscodump.c
@@ -187,7 +187,8 @@ static int wait_until_data(ssh_channel channel, const long unsigned count)
 errmsg_print("Error in sscanf()");
 return EXIT_FAILURE;
 } else {
- sscanf(output_ptr, "Packets : %lu", &got);
+ if (sscanf(output_ptr, "Packets : %lu", &got) != 1)
+ return EXIT_FAILURE;
 }
 }
 verbose_print("All packets got: dumping\n");
@@ -244,16 +245,20 @@ static void ssh_loop_read(ssh_channel channel, FILE* fp, const long unsigned cou
 char chr;
 unsigned offset = 0;
 unsigned packet_size = 0;
- char packet[PACKET_MAX_SIZE];
+ char* packet;
 time_t curtime = time(NULL);
 int err;
 guint64 bytes_written;
 long unsigned packets = 0;
 int status = CISCODUMP_PARSER_STARTING;
+ /* This is big enough to put on the heap */
+ packet = (char*)g_malloc(PACKET_MAX_SIZE);
+
 do {
 if (ssh_channel_read_timeout(channel, &chr, 1, FALSE, SSH_READ_TIMEOUT) == SSH_ERROR) {
 errmsg_print("Error reading from channel");
+ g_free(packet);
 return;
 }
@@ -277,6 +282,8 @@ static void ssh_loop_read(ssh_channel channel, FILE* fp, const long unsigned cou
 }
 } while(packets < count);
+
+ g_free(packet);
 }
 static int check_ios_version(ssh_channel channel)
@@ -299,7 +306,9 @@ static int check_ios_version(ssh_channel channel)
 cur = g_strstr_len(version, strlen(version), "Version");
 if (cur) {
 cur += strlen("Version ");
- sscanf(cur, "%u.%u", &major, &minor);
+ if (sscanf(cur, "%u.%u", &major, &minor) != 2)
+ return FALSE;
+
 if ((major > MINIMUM_IOS_MAJOR) || (major == MINIMUM_IOS_MAJOR && minor >= MINIMUM_IOS_MINOR)) {
 verbose_print("Current IOS Version: %u.%u\n", major, minor);
 if (read_output_bytes(channel, -1, NULL) == EXIT_FAILURE) |
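Review bot: The new failure return in the `else` branch of wait_until_data is silent, while the branch directly above it prints `"Error in sscanf()"` before returning the same code. The text being parsed comes from the remote device, so a line that does not match is worth reporting. Bracing the branch and adding `errmsg_print("Error in sscanf()");` before the `return EXIT_FAILURE;` would make the two paths consistent. The `return FALSE` added in check_ios_version (the `@@ -299` hunk) is silent in the same way. wait_until_data starts and ends outside this hunk.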
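Review bot: `packet` must now be released by hand on every exit from ssh_loop_read. The change covers only the SSH_ERROR return in this hunk and the normal exit after the loop (the `@@ -277` hunk). The loop body between the two hunks is not shown, so any other `return` there should be checked for a leak; a single cleanup label at the end of the function would make that harder to miss later. The comment would be clearer as `/* PACKET_MAX_SIZE is too large for the stack, so allocate on the heap */`, and the `(char*)` cast on the g_malloc result is not needed in C.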
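Review bot: The search string and the skip length disagree in the context lines around the new check: `g_strstr_len` looks for `"Version"` (7 characters), but `cur` is then advanced by `strlen("Version ")` (8). If the device's reply ends right after that word, `cur` lands one byte past the terminator and sscanf reads whatever follows it; the return-value check added here does not prevent that read. Searching for the same literal that is skipped closes the gap: `cur = g_strstr_len(version, strlen(version), "Version ");`. check_ios_version starts and ends outside this hunk.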