authorGerald Combs <gerald@wireshark.org>2012-04-04 21:54:22 +0000
committerGerald Combs <gerald@wireshark.org>2012-04-04 21:54:22 +0000
commit8b3024e57cfdec74a5eadfcea9c3e936fb2f1bef (patch)
treecb0deddd0e89e760109f821527ec69be1bb2c712
parentc67d24077ef60cbe997467f6294f8b856351cfd4 (diff)
Make bit_offset in _tvb_get_bits64 and related functions unsigned. This
removes a potential buffer overflow and should fix a bunch of Coverity errors mentioned in bug 6878. We might want to do the same for no_of_bits. svn path=/trunk/; revision=41945
-rw-r--r--epan/proto.c28
-rw-r--r--epan/proto.h24
-rw-r--r--epan/to_str.c3
-rw-r--r--epan/to_str.h2
-rw-r--r--epan/tvbuff.c24
-rw-r--r--epan/tvbuff.h16
6 files changed, 47 insertions, 50 deletions
diff --git a/epan/proto.c b/epan/proto.c
index 452b5fb552..10a1c209a1 100644
--- a/epan/proto.c
+++ b/epan/proto.c
@@ -7311,7 +7311,7 @@ proto_tree_add_bitmask_text(proto_tree *parent_tree, tvbuff_t *tvb,
proto_item *
proto_tree_add_bits_item(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
- const gint bit_offset, const gint no_of_bits,
+ const guint bit_offset, const gint no_of_bits,
const guint encoding)
{
header_field_info *hfinfo;
@@ -7329,7 +7329,7 @@ proto_tree_add_bits_item(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
static proto_item *
_proto_tree_add_bits_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
- const gint bit_offset, const gint no_of_bits,
+ const guint bit_offset, const gint no_of_bits,
guint64 *return_value, const guint encoding)
{
gint offset;
@@ -7353,7 +7353,6 @@ _proto_tree_add_bits_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb
hf_field->abbrev, hf_field->name));
}
- DISSECTOR_ASSERT(bit_offset >= 0);
DISSECTOR_ASSERT(no_of_bits > 0);
/* Byte align offset */
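Review bot: A negative offset that a caller still computes in a `gint` is now converted silently to a very large `guint`, and with `DISSECTOR_ASSERT(bit_offset >= 0)` removed nothing in this hunk rejects it. Whether such a value is caught later depends on the bounds checks in the tvb accessors, which are outside the hunk. To keep the old diagnostic, the assert could be replaced with `DISSECTOR_ASSERT(bit_offset <= (guint)G_MAXINT);` next to the `no_of_bits > 0` check. The same applies to the assert removed from `_proto_tree_add_bits_format_value` and to the dropped `bit_offset < 0` test in `ep_tvb_get_bits` in epan/tvbuff.c.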
@@ -7449,14 +7448,14 @@ _proto_tree_add_bits_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb
proto_item *
proto_tree_add_split_bits_item_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
- const gint bit_offset, const crumb_spec_t *crumb_spec,
+ const guint bit_offset, const crumb_spec_t *crumb_spec,
guint64 *return_value)
{
proto_item *pi;
gint no_of_bits;
gint octet_offset;
- gint mask_initial_bit_offset;
- gint mask_greatest_bit_offset;
+ guint mask_initial_bit_offset;
+ guint mask_greatest_bit_offset;
guint octet_length;
guint8 i;
char *bf_str;
@@ -7609,7 +7608,7 @@ proto_tree_add_split_bits_item_ret_val(proto_tree *tree, const int hf_index, tvb
}
void
-proto_tree_add_split_bits_crumb(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset,
+proto_tree_add_split_bits_crumb(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const guint bit_offset,
const crumb_spec_t *crumb_spec, guint16 crumb_index)
{
header_field_info *hf_info;
@@ -7630,7 +7629,7 @@ proto_tree_add_split_bits_crumb(proto_tree *tree, const int hf_index, tvbuff_t *
proto_item *
proto_tree_add_bits_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
- const gint bit_offset, const gint no_of_bits,
+ const guint bit_offset, const gint no_of_bits,
guint64 *return_value, const guint encoding)
{
proto_item *item;
@@ -7646,7 +7645,7 @@ proto_tree_add_bits_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
static proto_item *
_proto_tree_add_bits_format_value(proto_tree *tree, const int hf_index,
- tvbuff_t *tvb, const gint bit_offset,
+ tvbuff_t *tvb, const guint bit_offset,
const gint no_of_bits, void *value_ptr,
gchar *value_str)
{
@@ -7667,7 +7666,6 @@ _proto_tree_add_bits_format_value(proto_tree *tree, const int hf_index,
hf_field->abbrev, hf_field->name));
}
- DISSECTOR_ASSERT(bit_offset >= 0);
DISSECTOR_ASSERT(no_of_bits > 0);
/* Byte align offset */
@@ -7747,7 +7745,7 @@ _proto_tree_add_bits_format_value(proto_tree *tree, const int hf_index,
proto_item *
proto_tree_add_bits_format_value(proto_tree *tree, const int hf_index,
- tvbuff_t *tvb, const gint bit_offset,
+ tvbuff_t *tvb, const guint bit_offset,
const gint no_of_bits, void *value_ptr,
gchar *value_str)
{
@@ -7769,7 +7767,7 @@ proto_tree_add_bits_format_value(proto_tree *tree, const int hf_index,
proto_item *
proto_tree_add_uint_bits_format_value(proto_tree *tree, const int hf_index,
- tvbuff_t *tvb, const gint bit_offset,
+ tvbuff_t *tvb, const guint bit_offset,
const gint no_of_bits, guint32 value,
const char *format, ...)
{
@@ -7799,7 +7797,7 @@ proto_tree_add_uint_bits_format_value(proto_tree *tree, const int hf_index,
proto_item *
proto_tree_add_float_bits_format_value(proto_tree *tree, const int hf_index,
- tvbuff_t *tvb, const gint bit_offset,
+ tvbuff_t *tvb, const guint bit_offset,
const gint no_of_bits, float value,
const char *format, ...)
{
@@ -7818,7 +7816,7 @@ proto_tree_add_float_bits_format_value(proto_tree *tree, const int hf_index,
proto_item *
proto_tree_add_int_bits_format_value(proto_tree *tree, const int hf_index,
- tvbuff_t *tvb, const gint bit_offset,
+ tvbuff_t *tvb, const guint bit_offset,
const gint no_of_bits, gint32 value,
const char *format, ...)
{
@@ -7848,7 +7846,7 @@ proto_tree_add_int_bits_format_value(proto_tree *tree, const int hf_index,
proto_item *
proto_tree_add_boolean_bits_format_value(proto_tree *tree, const int hf_index,
- tvbuff_t *tvb, const gint bit_offset,
+ tvbuff_t *tvb, const guint bit_offset,
const gint no_of_bits, guint32 value,
const char *format, ...)
{
diff --git a/epan/proto.h b/epan/proto.h
index 7eaf6a374b..7b9801106c 100644
--- a/epan/proto.h
+++ b/epan/proto.h
@@ -385,7 +385,7 @@ typedef struct field_info {
/*
* This structure describes one segment of a split-bits item
- * crumb_bit_offset is the bit offset in the input tvb of the first (most significant) bit of this crumb
+ * crumb_bit_offset is the bit offset in the input tvb of the first (most significant) bit of this crumb
* crumb_bit_length is the number of contiguous bits of this crumb.
* The first element of an array of bits_specs describes the most significant crumb of the output value.
* The second element of an array of bits_specs describes the next-most significant crumb of the output value, etc.
@@ -1899,7 +1899,7 @@ proto_tree_add_bitmask_text(proto_tree *tree, tvbuff_t *tvb, const guint offset,
@param encoding data encoding
@return the newly created item */
extern proto_item *
-proto_tree_add_bits_item(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits, const guint encoding);
+proto_tree_add_bits_item(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits, const guint encoding);
/** Add bits to a proto_tree, using the text label registered to that item.
* The item is extracted from the tvbuff handed to it as a set
@@ -1912,13 +1912,13 @@ proto_tree_add_bits_item(proto_tree *tree, const int hf_index, tvbuff_t *tvb, co
@param tree the tree to append this item to
@param hf_index field index. Fields for use with this function should have bitmask==0.
@param tvb the tv buffer of the current data
- @param bit_offset of the first crumb in tvb expressed in bits
+ @param bit_offset of the first crumb in tvb expressed in bits
@param pointer to crumb_spec array
@param return_value if a pointer is passed here the value is returned.
@return the newly created item */
extern proto_item *
proto_tree_add_split_bits_item_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
- const gint bit_offset, const crumb_spec_t *crumb_spec,
+ const guint bit_offset, const crumb_spec_t *crumb_spec,
guint64 *return_value);
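Review bot: The Doxygen block names a parameter that does not exist: `@param pointer to crumb_spec array` should read `@param crumb_spec pointer to crumb_spec array`. The next hunk has the same problem twice, and `@param index into the crumb_spec array for this crumb` should name `crumb_index`. Since this change already touches the `bit_offset` line, it could also state the new contract, e.g. `@param bit_offset offset of the first crumb in tvb, in bits (unsigned)`.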
@@ -1932,11 +1932,11 @@ proto_tree_add_split_bits_item_ret_val(proto_tree *tree, const int hf_index, tvb
@param tree the tree to append this item to
@param hf_index field index. Fields for use with this function should have bitmask==0.
@param tvb the tv buffer of the current data
- @param bit_offset of the first crumb in tvb expressed in bits
+ @param bit_offset of the first crumb in tvb expressed in bits
@param pointer to crumb_spec array
@param index into the crumb_spec array for this crumb */
-void
-proto_tree_add_split_bits_crumb(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset,
+void
+proto_tree_add_split_bits_crumb(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const guint bit_offset,
const crumb_spec_t *crumb_spec, guint16 crumb_index);
/** Add bits to a proto_tree, using the text label registered to that item.
@@ -1950,7 +1950,7 @@ proto_tree_add_split_bits_crumb(proto_tree *tree, const int hf_index, tvbuff_t *
@param encoding data encoding
@return the newly created item */
extern proto_item *
-proto_tree_add_bits_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits, guint64 *return_value, const guint encoding);
+proto_tree_add_bits_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits, guint64 *return_value, const guint encoding);
/** Add bits for a FT_UINT8, FT_UINT16, FT_UINT24 or FT_UINT32
header field to a proto_tree, with the format generating the
@@ -1964,7 +1964,7 @@ proto_tree_add_bits_ret_val(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
@param format printf like format string
@return the newly created item */
extern proto_item *
-proto_tree_add_uint_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits,
+proto_tree_add_uint_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits,
guint32 value, const char *format, ...) G_GNUC_PRINTF(7,8);
/** Add bits for a FT_BOOLEAN header field to a proto_tree, with
@@ -1980,7 +1980,7 @@ proto_tree_add_uint_bits_format_value(proto_tree *tree, const int hf_index, tvbu
@param ... printf like parameters
@return the newly created item */
extern proto_item *
-proto_tree_add_boolean_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits,
+proto_tree_add_boolean_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits,
guint32 value, const char *format, ...) G_GNUC_PRINTF(7,8);
/** Add bits for a FT_INT8, FT_INT16, FT_INT24 or FT_INT32
@@ -1996,7 +1996,7 @@ proto_tree_add_boolean_bits_format_value(proto_tree *tree, const int hf_index, t
@param ... printf like parameters
@return the newly created item */
extern proto_item *
-proto_tree_add_int_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits,
+proto_tree_add_int_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits,
gint32 value, const char *format, ...) G_GNUC_PRINTF(7,8);
/** Add bits for a FT_FLOAT header field to a proto_tree, with
@@ -2012,7 +2012,7 @@ proto_tree_add_int_bits_format_value(proto_tree *tree, const int hf_index, tvbuf
@param ... printf like parameters
@return the newly created item */
extern proto_item *
-proto_tree_add_float_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits,
+proto_tree_add_float_bits_format_value(proto_tree *tree, const int hf_index, tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits,
float value, const char *format, ...) G_GNUC_PRINTF(7,8);
/** Check if given string is a valid field name
diff --git a/epan/to_str.c b/epan/to_str.c
index 93d3ad51aa..faab5d6956 100644
--- a/epan/to_str.c
+++ b/epan/to_str.c
@@ -892,7 +892,7 @@ rel_time_to_secs_str(const nstime_t *rel_time)
*/
char *
-decode_bits_in_field(const gint bit_offset, const gint no_of_bits, const guint64 value)
+decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint64 value)
{
guint64 mask = 0,tmp;
char *str;
@@ -1097,4 +1097,3 @@ gchar* guid_to_str_buf(const e_guid_t *guid, gchar *buf, int buf_len) {
*tempptr = '\0';
return buf;
}
-
diff --git a/epan/to_str.h b/epan/to_str.h
index fb1cad9982..3093dffa59 100644
--- a/epan/to_str.h
+++ b/epan/to_str.h
@@ -87,7 +87,7 @@ extern gchar* rel_time_to_secs_str(const nstime_t*);
extern gchar* guid_to_str(const e_guid_t*);
extern gchar* guid_to_str_buf(const e_guid_t*, gchar*, int);
-extern char *decode_bits_in_field(const gint bit_offset, const gint no_of_bits, const guint64 value);
+extern char *decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint64 value);
extern char *other_decode_bitfield_value(char *buf, const guint32 val, const guint32 mask,
const int width);
diff --git a/epan/tvbuff.c b/epan/tvbuff.c
index ea9d3fe405..aa88539d64 100644
--- a/epan/tvbuff.c
+++ b/epan/tvbuff.c
@@ -62,7 +62,7 @@ ensure_contiguous(tvbuff_t *tvb, const gint offset, const gint length);
static guint64
-_tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, const gint total_no_of_bits);
+_tvb_get_bits64(tvbuff_t *tvb, guint bit_offset, const gint total_no_of_bits);
static void
tvb_init(tvbuff_t *tvb, const tvbuff_type type)
@@ -1648,14 +1648,14 @@ static const guint8 bit_mask8[] = {
/* Get 1 - 8 bits */
guint8
-tvb_get_bits8(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits)
+tvb_get_bits8(tvbuff_t *tvb, guint bit_offset, const gint no_of_bits)
{
return (guint8)_tvb_get_bits64(tvb, bit_offset, no_of_bits);
}
/* Get 1 - 16 bits */
void
-tvb_get_bits_buf(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, guint8 *buf, gboolean lsb0)
+tvb_get_bits_buf(tvbuff_t *tvb, guint bit_offset, gint no_of_bits, guint8 *buf, gboolean lsb0)
{
guint8 bit_mask, bit_shift;
/* Byte align offset */
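Review bot: The comment `/* Get 1 - 16 bits */` sits above `tvb_get_bits_buf`, which writes into a caller-supplied `guint8 *buf` and does not appear to be limited to 16 bits; it looks like a leftover from `tvb_get_bits16`. Something like `/* Copy no_of_bits bits starting at bit_offset into buf */` would describe it better, and should mention who sizes `buf`. Further down, `/* Get 9 - 16 bits */` above `tvb_get_bits16` disagrees with the header, which says "get 1 - 16 bits". The body of `tvb_get_bits_buf` continues outside the hunk.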
@@ -1726,14 +1726,14 @@ tvb_get_bits_buf(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, guint8 *buf, g
}
guint8 *
-ep_tvb_get_bits(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, gboolean lsb0)
+ep_tvb_get_bits(tvbuff_t *tvb, guint bit_offset, gint no_of_bits, gboolean lsb0)
{
gint no_of_bytes;
guint8 *buf;
/* XXX, no_of_bits == -1 -> to end of tvb? */
- if (no_of_bits < 0 || bit_offset < 0) {
+ if (no_of_bits < 0) {
DISSECTOR_ASSERT_NOT_REACHED();
}
@@ -1745,7 +1745,7 @@ ep_tvb_get_bits(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, gboolean lsb0)
/* Get 9 - 16 bits */
guint16
-tvb_get_bits16(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits,const guint encoding _U_)
+tvb_get_bits16(tvbuff_t *tvb, guint bit_offset, const gint no_of_bits,const guint encoding _U_)
{
/* note that encoding has no meaning here, as the tvb is considered to contain an octet array */
return (guint16)_tvb_get_bits64(tvb, bit_offset, no_of_bits);
@@ -1753,7 +1753,7 @@ tvb_get_bits16(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits,const guint
/* Get 1 - 32 bits */
guint32
-tvb_get_bits32(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits, const guint encoding _U_)
+tvb_get_bits32(tvbuff_t *tvb, guint bit_offset, const gint no_of_bits, const guint encoding _U_)
{
/* note that encoding has no meaning here, as the tvb is considered to contain an octet array */
return (guint32)_tvb_get_bits64(tvb, bit_offset, no_of_bits);
@@ -1761,7 +1761,7 @@ tvb_get_bits32(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits, const guin
/* Get 1 - 64 bits */
guint64
-tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits, const guint encoding _U_)
+tvb_get_bits64(tvbuff_t *tvb, guint bit_offset, const gint no_of_bits, const guint encoding _U_)
{
/* note that encoding has no meaning here, as the tvb is considered to contain an octet array */
return _tvb_get_bits64(tvb, bit_offset, no_of_bits);
@@ -1773,7 +1773,7 @@ tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits, const guin
* The function tolerates requests for more than 64 bits, but will only return the least significant 64 bits.
*/
static guint64
-_tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, const gint total_no_of_bits)
+_tvb_get_bits64(tvbuff_t *tvb, guint bit_offset, const gint total_no_of_bits)
{
guint64 value;
guint octet_offset = bit_offset >> 3;
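Review bot: `total_no_of_bits` is still a signed `gint` in `_tvb_get_bits64`, and the visible lines do not reject a zero or negative count before the offset arithmetic starts at `guint octet_offset = bit_offset >> 3;`. The `tvb_get_bits8/16/32/64` and `tvb_get_bits` wrappers shown in this file pass `no_of_bits` straight through, so one check here would cover all of them, e.g. `DISSECTOR_ASSERT(total_no_of_bits > 0);`, provided no caller relies on a zero-length read. The rest of the body is outside the hunk, so an existing check further down cannot be ruled out.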
@@ -1847,7 +1847,7 @@ _tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, const gint total_no_of_bits)
}
/* Get 1 - 32 bits (should be deprecated as same as tvb_get_bits32??) */
guint32
-tvb_get_bits(tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits, const guint encoding _U_)
+tvb_get_bits(tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits, const guint encoding _U_)
{
/* note that encoding has no meaning here, as the tvb is considered to contain an octet array */
return (guint32)_tvb_get_bits64(tvb, bit_offset, no_of_bits);
@@ -3315,12 +3315,12 @@ tvb_uncompress(tvbuff_t *tvb, const int offset, int comprlen)
#endif
if (uncompr == NULL) {
- /*
+ /*
* This is ugly workaround for bug #6480
* (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6480)
*
* g_memdup(..., 0) returns NULL (g_malloc(0) also)
- * when uncompr is NULL logic below doesn't create tvb
+ * when uncompr is NULL logic below doesn't create tvb
* which is later interpreted as decompression failed.
*/
uncompr = (bytes_pass || err != Z_STREAM_END) ?
diff --git a/epan/tvbuff.h b/epan/tvbuff.h
index 23939aeed1..d535fd0fca 100644
--- a/epan/tvbuff.h
+++ b/epan/tvbuff.h
@@ -301,26 +301,26 @@ extern void tvb_get_letohguid(tvbuff_t *tvb, const gint offset, e_guid_t *guid);
extern void tvb_get_guid(tvbuff_t *tvb, const gint offset, e_guid_t *guid, const guint representation);
/* Fetch a specified number of bits from bit offset in a tvb.
- All of these functions are equivalent, except for the type of the retun value.
+ All of these functions are equivalent, except for the type of the retun value.
Note that the parameter encoding (where supplied) is meaningless and ignored */
/* get 1 - 8 bits returned in a guint8 */
-extern guint8 tvb_get_bits8(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits);
+extern guint8 tvb_get_bits8(tvbuff_t *tvb, guint bit_offset, const gint no_of_bits);
/* get 1 - 16 bits returned in a guint16 */
-extern guint16 tvb_get_bits16(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits, const guint encoding);
+extern guint16 tvb_get_bits16(tvbuff_t *tvb, guint bit_offset, const gint no_of_bits, const guint encoding);
/* get 1 - 32 bits returned in a guint32 */
-extern guint32 tvb_get_bits32(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits, const guint encoding);
+extern guint32 tvb_get_bits32(tvbuff_t *tvb, guint bit_offset, const gint no_of_bits, const guint encoding);
/* get 1 - 64 bits returned in a guint64 */
-extern guint64 tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, const gint no_of_bits, const guint encoding);
+extern guint64 tvb_get_bits64(tvbuff_t *tvb, guint bit_offset, const gint no_of_bits, const guint encoding);
/**
* This function has EXACTLY the same behaviour as
* tvb_get_bits32()
*/
-extern guint32 tvb_get_bits(tvbuff_t *tvb, const gint bit_offset, const gint no_of_bits, const guint encoding);
+extern guint32 tvb_get_bits(tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits, const guint encoding);
-void tvb_get_bits_buf(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, guint8 *buf, gboolean lsb0);
-guint8 *ep_tvb_get_bits(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, gboolean lsb0);
+void tvb_get_bits_buf(tvbuff_t *tvb, guint bit_offset, gint no_of_bits, guint8 *buf, gboolean lsb0);
+guint8 *ep_tvb_get_bits(tvbuff_t *tvb, guint bit_offset, gint no_of_bits, gboolean lsb0);
/** Returns target for convenience. Does not suffer from possible
* expense of tvb_get_ptr(), since this routine is smart enough