diff options
author | Gerald Combs <gerald@wireshark.org> | 2006-07-05 21:30:25 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2006-07-05 21:30:25 +0000 |
commit | de826c3425d915c704e0b0415c1a47ad137daf4f (patch) | |
tree | a7133b929908d56d6ae72ece2bf33bc8fe7c6937 | |
parent | 3ec4dc74e8a55ef6bcaa3344f56520dad8e7bf26 (diff) | |
download | wireshark-de826c3425d915c704e0b0415c1a47ad137daf4f.tar.gz wireshark-de826c3425d915c704e0b0415c1a47ad137daf4f.tar.bz2 wireshark-de826c3425d915c704e0b0415c1a47ad137daf4f.zip |
Don't pass an empty OID to sprint_realloc_variable(). This should fix a
recent fuzz error.
Fix up whitespace.
svn path=/trunk/; revision=18667
-rw-r--r-- | asn1/snmp/packet-snmp-template.c | 13 | ||||
-rw-r--r-- | epan/dissectors/packet-snmp.c | 19 |
2 files changed, 19 insertions, 13 deletions
diff --git a/asn1/snmp/packet-snmp-template.c b/asn1/snmp/packet-snmp-template.c index f8a3a8aaf0..992831a74b 100644 --- a/asn1/snmp/packet-snmp-template.c +++ b/asn1/snmp/packet-snmp-template.c @@ -355,7 +355,7 @@ int oid_to_subid_buf(const guint8 *oid, gint oid_len, subid_t *buf, int buf_len) value=0; out_len = 0; byte =0; is_first = TRUE; for (i=0; i<oid_len; i++){ - if (out_len >= buf_len) + if (out_len >= buf_len) break; byte = oid[i]; value = (value << 7) | (byte & 0x7F); @@ -412,7 +412,7 @@ format_oid(subid_t *oid, guint oid_length) *oid_string = '\0'; oid_out_len = 0; /* We pass an ep allocated block here, NOT a malloced block - * so we MUST NOT allow reallocation, hence the fourth + * so we MUST NOT allow reallocation, hence the fourth * parameter MUST be 0/FALSE */ sprint_realloc_objid(&oid_string, &oid_string_len, &oid_out_len, FALSE, @@ -470,7 +470,7 @@ new_format_oid(subid_t *oid, guint oid_length, *oid_string = '\0'; oid_out_len = 0; /* We pass an ep allocated block here, NOT a malloced block - * so we MUST NOT allow reallocation, hence the fourth + * so we MUST NOT allow reallocation, hence the fourth * parameter MUST be 0/FALSE */ sprint_realloc_objid(&oid_string, &oid_string_len, &oid_out_len, FALSE, @@ -522,6 +522,9 @@ format_var(struct variable_list *variable, subid_t *variable_oid, size_t buf_len; size_t out_len; + if (variable_oid == NULL || variable_oid_length == 0) + return NULL; + switch (vb_type) { case SNMP_IPADDR: @@ -603,7 +606,7 @@ format_var(struct variable_list *variable, subid_t *variable_oid, *buf = '\0'; out_len = 0; /* We pass an ep allocated block here, NOT a malloced block - * so we MUST NOT allow reallocation, hence the fourth + * so we MUST NOT allow reallocation, hence the fourth * parameter MUST be 0/FALSE */ sprint_realloc_value(&buf, &buf_len, &out_len, FALSE, @@ -760,7 +763,7 @@ dissect_snmp_engineid(proto_tree *tree, tvbuff_t *tvb, int offset, int len) } /* This code is copied from the original SNMP dissector with minor changes to adapt it to use packet-ber.c routines - * TODO: + * TODO: * - Rewrite it completly as OID as subid_t could be returned from dissect_ber_objectidentifier * - vb_type_name is known when calling this routine(?) * - All branches not needed(?) diff --git a/epan/dissectors/packet-snmp.c b/epan/dissectors/packet-snmp.c index cd28b55711..16e700a415 100644 --- a/epan/dissectors/packet-snmp.c +++ b/epan/dissectors/packet-snmp.c @@ -480,7 +480,7 @@ int oid_to_subid_buf(const guint8 *oid, gint oid_len, subid_t *buf, int buf_len) value=0; out_len = 0; byte =0; is_first = TRUE; for (i=0; i<oid_len; i++){ - if (out_len >= buf_len) + if (out_len >= buf_len) break; byte = oid[i]; value = (value << 7) | (byte & 0x7F); @@ -537,7 +537,7 @@ format_oid(subid_t *oid, guint oid_length) *oid_string = '\0'; oid_out_len = 0; /* We pass an ep allocated block here, NOT a malloced block - * so we MUST NOT allow reallocation, hence the fourth + * so we MUST NOT allow reallocation, hence the fourth * parameter MUST be 0/FALSE */ sprint_realloc_objid(&oid_string, &oid_string_len, &oid_out_len, FALSE, @@ -595,7 +595,7 @@ new_format_oid(subid_t *oid, guint oid_length, *oid_string = '\0'; oid_out_len = 0; /* We pass an ep allocated block here, NOT a malloced block - * so we MUST NOT allow reallocation, hence the fourth + * so we MUST NOT allow reallocation, hence the fourth * parameter MUST be 0/FALSE */ sprint_realloc_objid(&oid_string, &oid_string_len, &oid_out_len, FALSE, @@ -647,6 +647,9 @@ format_var(struct variable_list *variable, subid_t *variable_oid, size_t buf_len; size_t out_len; + if (variable_oid == NULL || variable_oid_length == 0) + return NULL; + switch (vb_type) { case SNMP_IPADDR: @@ -728,7 +731,7 @@ format_var(struct variable_list *variable, subid_t *variable_oid, *buf = '\0'; out_len = 0; /* We pass an ep allocated block here, NOT a malloced block - * so we MUST NOT allow reallocation, hence the fourth + * so we MUST NOT allow reallocation, hence the fourth * parameter MUST be 0/FALSE */ sprint_realloc_value(&buf, &buf_len, &out_len, FALSE, @@ -885,7 +888,7 @@ dissect_snmp_engineid(proto_tree *tree, tvbuff_t *tvb, int offset, int len) } /* This code is copied from the original SNMP dissector with minor changes to adapt it to use packet-ber.c routines - * TODO: + * TODO: * - Rewrite it completly as OID as subid_t could be returned from dissect_ber_objectidentifier * - vb_type_name is known when calling this routine(?) * - All branches not needed(?) @@ -2696,7 +2699,7 @@ static void dissect_SMUX_PDUs_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree /*--- End of included file: packet-snmp-fn.c ---*/ -#line 1035 "packet-snmp-template.c" +#line 1038 "packet-snmp-template.c" guint dissect_snmp_pdu(tvbuff_t *tvb, int offset, packet_info *pinfo, @@ -3388,7 +3391,7 @@ void proto_register_snmp(void) { "RReqPDU/operation", HFILL }}, /*--- End of included file: packet-snmp-hfarr.c ---*/ -#line 1390 "packet-snmp-template.c" +#line 1393 "packet-snmp-template.c" }; /* List of subtrees */ @@ -3426,7 +3429,7 @@ void proto_register_snmp(void) { &ett_snmp_RReqPDU, /*--- End of included file: packet-snmp-ettarr.c ---*/ -#line 1399 "packet-snmp-template.c" +#line 1402 "packet-snmp-template.c" }; module_t *snmp_module; |