diff options
| author | Guy Harris <guy@alum.mit.edu> | 2004-02-25 09:31:07 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2004-02-25 09:31:07 +0000 |
| commit | 857318d3b760aa1ee27b9025746e1f39ce946a53 (patch) | |
| tree | 4e9d5900443b375741a9966dee096dee52c01a1c /packet-nfs.c | |
| parent | 3353ca1d5a8307ce1ae6afd49b3f7525596e0910 (diff) | |
| download | wireshark-857318d3b760aa1ee27b9025746e1f39ce946a53.tar.gz wireshark-857318d3b760aa1ee27b9025746e1f39ce946a53.tar.bz2 wireshark-857318d3b760aa1ee27b9025746e1f39ce946a53.zip | |
Use "tvb_get_string()" instead of allocating a (len+1)-sized buffer,
"tvb_memcpy()"ing to it, and putting in a null terminator;
"tvb_get_string()" will check whether all bytes of the string are
present before allocating the buffer, so that you don't leak memory if
the copy throws an exception, and don't crash if the length is absurdly
large.
Use "tvb_memdup()" instead of allocating a buffer and "tvb_memcpy()"ing
to it, so that an exception is thrown before you try to allocate the
buffer (for the same reasons as listed above).
Before allocating a buffer used when processing a chunk of data from a
packet, get a pointer to the chunk with "tvb_get_ptr()", or check that
the data is all there with "tvb_ensure_bytes_exist()", so that an
exception is thrown before you try to allocate the buffer (for the same
reasons as listed above).
Fix up the lengths of the tvbuff used when dissecting ONC RPC opaque data
with a particular dissector.
svn path=/trunk/; revision=10236
Diffstat (limited to 'packet-nfs.c')
| -rw-r--r-- | packet-nfs.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/packet-nfs.c b/packet-nfs.c index 1b132a671d..b87b9b1535 100644 --- a/packet-nfs.c +++ b/packet-nfs.c @@ -2,7 +2,7 @@ * Routines for nfs dissection * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de> * Copyright 2000-2002, Mike Frisch <frisch@hummingbird.com> (NFSv4 decoding) - * $Id: packet-nfs.c,v 1.95 2004/02/11 04:34:38 guy Exp $ + * $Id: packet-nfs.c,v 1.96 2004/02/25 09:31:06 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -678,8 +678,7 @@ nfs_name_snoop_add_name(int xid, tvbuff_t *tvb, int name_offset, int name_len, i if(parent_len){ nns->parent_len=parent_len; - nns->parent=g_malloc(parent_len); - memcpy(nns->parent, tvb_get_ptr(tvb, parent_offset, parent_len), parent_len); + nns->parent=tvb_memdup(tvb, parent_offset, parent_len); } else { nns->parent_len=0; nns->parent=NULL; @@ -739,8 +738,7 @@ nfs_name_snoop_add_fh(int xid, tvbuff_t *tvb, int fh_offset, int fh_length) } /* oki, we have a new entry */ - fh=g_malloc(fh_length); - memcpy(fh, tvb_get_ptr(tvb, fh_offset, fh_length), fh_length); + fh=tvb_memdup(tvb, fh_offset, fh_length); nns->fh=fh; nns->fh_length=fh_length; @@ -6022,6 +6020,7 @@ dissect_nfs_attributes(tvbuff_t *tvb, int offset, packet_info *pinfo, int attr_vals_offset; bitmap_len = tvb_get_ntohl(tvb, offset); + tvb_ensure_bytes_exist(tvb, offset, 4 + bitmap_len * 4); fitem = proto_tree_add_text(tree, tvb, offset, 4 + bitmap_len * 4, "%s", "attrmask"); offset += 4; @@ -6039,12 +6038,6 @@ dissect_nfs_attributes(tvbuff_t *tvb, int offset, packet_info *pinfo, for (i = 0; i < bitmap_len; i++) { - if (!tvb_bytes_exist(tvb, offset, 4)) - { - g_free(bitmap); - return offset; - } - bitmap[i] = tvb_get_ntohl(tvb, offset); sl = 0x00000001; |