diff options
| author | Martin Kaiser <wireshark@kaiser.cx> | 2016-07-03 13:37:51 +0200 |
|---|---|---|
| committer | Michael Mann <mmann78@netscape.net> | 2016-07-03 14:20:46 +0000 |
| commit | 2da35bce9a3e4a18a9fa251eadb76a3a3695e726 (patch) | |
| tree | 1327b23a68c75fc1900b39c1c85bba272e542e2c /plugins/profinet | |
| parent | 50614a95baeeee6b5ecc71cfdbdb655ade5bb2d3 (diff) | |
| download | wireshark-2da35bce9a3e4a18a9fa251eadb76a3a3695e726.tar.gz | |
profinet, CID 1362120: check the return value of ftell()
change filePosRecord's data type to long, this is what ftell() and
fseek() expect
limit filePosRecord's scope to the block where it's actually used
if ftell() returns < 0, don't move the file pointer and don't call
fseek() with the negative offset
Change-Id: If5a43099c32e476a691f4d6cd26ed7fb73490fcf
Reviewed-on: https://code.wireshark.org/review/16258
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'plugins/profinet')
| -rw-r--r-- | plugins/profinet/packet-dcerpc-pn-io.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/plugins/profinet/packet-dcerpc-pn-io.c b/plugins/profinet/packet-dcerpc-pn-io.c index a5db4cdbb5..0826c71f61 100644 --- a/plugins/profinet/packet-dcerpc-pn-io.c +++ b/plugins/profinet/packet-dcerpc-pn-io.c @@ -8126,7 +8126,6 @@ dissect_ExpectedSubmoduleBlockReq_block(tvbuff_t *tvb, int offset, guint16 searchVendorID = 0; guint16 searchDeviceID = 0; - gint32 filePosRecord; gboolean vendorMatch; gboolean deviceMatch; conversation_t *conversation; @@ -8383,20 +8382,24 @@ dissect_ExpectedSubmoduleBlockReq_block(tvbuff_t *tvb, int offset, while(fgets(temp, MAX_LINE_LENGTH, fp) != NULL) { if((strstr(temp, moduleNameInfo)) != NULL) { /* find the String "<Name" for the TextID */ - sscanf(temp, "%*s TextId=\"%[^\"]", tmp_moduletext); /* saves the correct TextId for the next searchloop */ + long filePosRecord; - filePosRecord = (gint32)ftell(fp); /* save the current position of the filepointer (Offset) */ + sscanf(temp, "%*s TextId=\"%[^\"]", tmp_moduletext); /* saves the correct TextId for the next searchloop */ - while (fgets(temp, MAX_LINE_LENGTH, fp) != NULL && io_data_object->amountInGSDML == 1) { - /* Find a String with the saved TextID and with a fitting value for it in the same line. This value is the name of the Module! */ - if(((strstr(temp, tmp_moduletext)) != NULL) && ((strstr(temp, moduleValueInfo)) != NULL)) { - pch = strstr(temp, moduleValueInfo); - sscanf(pch, "Value=\"%[^\"]", io_data_object->moduleNameStr); - break; /* Found the name of the module */ + filePosRecord = ftell(fp); /* save the current position of the filepointer (Offset) */ + /* ftell() may return -1 for error, don't move fp in this case */ + if (filePosRecord >= 0) { + while (fgets(temp, MAX_LINE_LENGTH, fp) != NULL && io_data_object->amountInGSDML == 1) { + /* Find a String with the saved TextID and with a fitting value for it in the same line. This value is the name of the Module! */ + if(((strstr(temp, tmp_moduletext)) != NULL) && ((strstr(temp, moduleValueInfo)) != NULL)) { + pch = strstr(temp, moduleValueInfo); + sscanf(pch, "Value=\"%[^\"]", io_data_object->moduleNameStr); + break; /* Found the name of the module */ + } } - } - fseek(fp, filePosRecord, SEEK_SET); /* set filepointer to the correct TextID */ + fseek(fp, filePosRecord, SEEK_SET); /* set filepointer to the correct TextID */ + } } /* Search for Submoduleidentnumber in GSD-file */ |