diff options
Diffstat (limited to 'extcap/ciscodump.c')
-rw-r--r-- | extcap/ciscodump.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/extcap/ciscodump.c b/extcap/ciscodump.c index a519e0912b..01e4916f6d 100644 --- a/extcap/ciscodump.c +++ b/extcap/ciscodump.c @@ -187,7 +187,8 @@ static int wait_until_data(ssh_channel channel, const long unsigned count) errmsg_print("Error in sscanf()"); return EXIT_FAILURE; } else { - sscanf(output_ptr, "Packets : %lu", &got); + if (sscanf(output_ptr, "Packets : %lu", &got) != 1) + return EXIT_FAILURE; } } verbose_print("All packets got: dumping\n"); @@ -244,16 +245,20 @@ static void ssh_loop_read(ssh_channel channel, FILE* fp, const long unsigned cou char chr; unsigned offset = 0; unsigned packet_size = 0; - char packet[PACKET_MAX_SIZE]; + char* packet; time_t curtime = time(NULL); int err; guint64 bytes_written; long unsigned packets = 0; int status = CISCODUMP_PARSER_STARTING; + /* This is big enough to put on the heap */ + packet = (char*)g_malloc(PACKET_MAX_SIZE); + do { if (ssh_channel_read_timeout(channel, &chr, 1, FALSE, SSH_READ_TIMEOUT) == SSH_ERROR) { errmsg_print("Error reading from channel"); + g_free(packet); return; } @@ -277,6 +282,8 @@ static void ssh_loop_read(ssh_channel channel, FILE* fp, const long unsigned cou } } while(packets < count); + + g_free(packet); } static int check_ios_version(ssh_channel channel) @@ -299,7 +306,9 @@ static int check_ios_version(ssh_channel channel) cur = g_strstr_len(version, strlen(version), "Version"); if (cur) { cur += strlen("Version "); - sscanf(cur, "%u.%u", &major, &minor); + if (sscanf(cur, "%u.%u", &major, &minor) != 2) + return FALSE; + if ((major > MINIMUM_IOS_MAJOR) || (major == MINIMUM_IOS_MAJOR && minor >= MINIMUM_IOS_MINOR)) { verbose_print("Current IOS Version: %u.%u\n", major, minor); if (read_output_bytes(channel, -1, NULL) == EXIT_FAILURE) |