summaryrefslogtreecommitdiff
path: root/wiretap
diff options
context:
space:
mode:
authorAndersBroman <anders.broman@ericsson.com>2016-01-12 17:27:01 +0100
committerMichael Mann <mmann78@netscape.net>2016-01-13 03:48:05 +0000
commit140aad08e081489b5cdb715cb5bca01db856fded (patch)
tree2881feda8be26ebc1b96cc74f276bea9f4d3e138 /wiretap
parente48882fd0c6cbd44d95c6c55ea3942219fd84261 (diff)
downloadwireshark-140aad08e081489b5cdb715cb5bca01db856fded.tar.gz
nettrace_3gpp_32_423 Protect from buffer overun.
Bug: 11982 Change-Id: Ib704d9128ab6427751edbf3a33f4b8fd14902562 Reviewed-on: https://code.wireshark.org/review/13233 Reviewed-by: Anders Broman <a.broman58@gmail.com> Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'wiretap')
-rw-r--r--wiretap/nettrace_3gpp_32_423.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/wiretap/nettrace_3gpp_32_423.c b/wiretap/nettrace_3gpp_32_423.c
index 397df95c7f..ea4abffd0e 100644
--- a/wiretap/nettrace_3gpp_32_423.c
+++ b/wiretap/nettrace_3gpp_32_423.c
@@ -723,7 +723,9 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_
* + End of options 4 bytes
*/
/* XXX add the length of exported bdu tag(s) here */
- packet_buf = (guint8 *)g_malloc(packet_size + 12);
+ packet_buf = (guint8 *)g_malloc(packet_size + 12+1);
+ /* Terminate buffer*/
+ packet_buf[packet_size + 12] = 0;
packet_buf[0] = 0;
packet_buf[1] = 12; /* EXP_PDU_TAG_PROTO_NAME */
@@ -982,6 +984,8 @@ nettrace_3gpp_32_423_file_open(wtap *wth, int *err, gchar **err_info)
if (memcmp(magic_buf, xml_magic, sizeof(xml_magic)) != 0){
return WTAP_OPEN_NOT_MINE;
}
+ /* Protect from overrunning the buffer*/
+ magic_buf[512 - 1] = 0;
/* File header should contain something like fileFormatVersion="32.423 V8.1.0" */
curr_pos = strstr(magic_buf, "fileFormatVersion");
generated by cgit v1.2.1 (git 2.18.0) at 2024-06-20 20:01:43 +0000