diff options
| author | Guy Harris <guy@alum.mit.edu> | 2016-05-01 16:02:40 -0700 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2016-05-01 23:03:20 +0000 |
| commit | 29c78db2a80a93653f32e4fd2f00b9b550432c43 (patch) | |
| tree | a4abf78ebbb72f7c5017aeac1f2b1926ca2966bc /wiretap/dbs-etherwatch.c | |
| parent | 2cb5985bf47bdc8bea78d28483ed224abdd33dc6 (diff) | |
| download | wireshark-29c78db2a80a93653f32e4fd2f00b9b550432c43.tar.gz | |
Don't treat the packet length as unsigned.
The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value. When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().
So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.
Change-Id: I6450d468504e942df72342176a0e145e5ac3db5f
Reviewed-on: https://code.wireshark.org/review/15216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap/dbs-etherwatch.c')
| -rw-r--r-- | wiretap/dbs-etherwatch.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/wiretap/dbs-etherwatch.c b/wiretap/dbs-etherwatch.c index 33d9428099..de173c37cc 100644 --- a/wiretap/dbs-etherwatch.c +++ b/wiretap/dbs-etherwatch.c @@ -273,14 +273,13 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, guint8 *pd; char line[DBS_ETHERWATCH_LINE_LENGTH]; int num_items_scanned; - int eth_hdr_len, csec; - guint pkt_len; + int eth_hdr_len, pkt_len, csec; int length_pos, length_from, length; struct tm tm; char mon[4] = "xxx"; gchar *p; static const gchar months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC"; - guint count, line_count; + int count, line_count; /* Make sure we have enough room for a regular Ethernet packet */ ws_buffer_assure_space(buf, DBS_ETHERWATCH_MAX_ETHERNET_PACKET_LEN); @@ -351,7 +350,7 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, } num_items_scanned = sscanf(line + LENGTH_POS, - "%9u byte buffer at %2d-%3s-%4d %2d:%2d:%2d.%9d", + "%9d byte buffer at %2d-%3s-%4d %2d:%2d:%2d.%9d", &pkt_len, &tm.tm_mday, mon, &tm.tm_year, &tm.tm_hour, &tm.tm_min, @@ -363,6 +362,12 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, return FALSE; } + if (pkt_len < 0) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("dbs_etherwatch: packet header has a negative packet length"); + return FALSE; + } + /* Determine whether it is Ethernet II or IEEE 802 */ if(strncmp(&line[ETH_II_CHECK_POS], ETH_II_CHECK_STR, strlen(ETH_II_CHECK_STR)) == 0) { |