diff options
| -rw-r--r-- | asn1/gsmmap/gsmmap.cnf | 3 | ||||
| -rw-r--r-- | docbook/release-notes.xml | 4 | ||||
| -rw-r--r-- | epan/dissectors/packet-gsm_map.c | 23 | ||||
| -rw-r--r-- | epan/dissectors/packet-gsm_map.h | 2 |
4 files changed, 18 insertions, 14 deletions
diff --git a/asn1/gsmmap/gsmmap.cnf b/asn1/gsmmap/gsmmap.cnf index ba5cd12e41..112c6783bd 100644 --- a/asn1/gsmmap/gsmmap.cnf +++ b/asn1/gsmmap/gsmmap.cnf @@ -426,6 +426,7 @@ Component guint8 octet; guint8 length; guint8 out_len; + /* XXX - The maximum item label length is 240. Does this really need to be 1024? */ static char bigbuf[1024]; octet = tvb_get_guint8(tvb,0); @@ -435,7 +436,7 @@ Component tvb_get_ptr(tvb, offset+2, length), bigbuf); bigbuf[out_len] = '\0'; gsm_sms_char_ascii_decode(bigbuf, bigbuf, out_len); - bigbuf[1024] = '\0'; + bigbuf[1023] = '\0'; proto_tree_add_text(tree, tvb, offset+2, length, "USSD String: %%s", bigbuf); diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml index 1b3a50ab29..3e7fa876ca 100644 --- a/docbook/release-notes.xml +++ b/docbook/release-notes.xml @@ -255,7 +255,7 @@ Ethereal Info <!-- CID 108: Not security-related --> <listitem><para> - The ASN.1 dissector could crash Ethereal. + ASN.1-based dissectors could crash Ethereal. <!-- Fixed in r17489 --> <!-- Bug IDs: None --> <!-- Coverity CID 109 --> @@ -305,8 +305,10 @@ Ethereal Info <!-- CID 140 - 141: Bogus --> <!-- CID 142: Not security-releated --> <!-- CID 143 - 144: See CID 79 --> + <!-- CID 144: Lemon is a build-time tool --> <!-- CID 145: Post-0.10.14 --> <!-- CID 146: See CID 42 --> + <!-- CID 147 - 148: Post-0.10.14 --> </itemizedlist> </para> diff --git a/epan/dissectors/packet-gsm_map.c b/epan/dissectors/packet-gsm_map.c index 6ccff94741..d0eb142468 100644 --- a/epan/dissectors/packet-gsm_map.c +++ b/epan/dissectors/packet-gsm_map.c @@ -1,6 +1,6 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Ethereal dissector compiler */ -/* .\packet-gsm_map.c */ +/* ./packet-gsm_map.c */ /* ../../tools/asn2eth.py -X -b -e -p gsm_map -c gsmmap.cnf -s packet-gsm_map-template GSMMAP.asn */ /* Input file: packet-gsm_map-template.c */ @@ -2572,7 +2572,7 @@ static int dissect_diagnosticInfo(packet_info *pinfo, proto_tree *tree, tvbuff_t static int dissect_gsm_map_T_extType(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { -#line 446 "gsmmap.cnf" +#line 447 "gsmmap.cnf" proto_tree_add_text(tree, tvb, offset, -1, "Extension Data"); call_dissector(data_handle, tvb, pinfo, tree); @@ -3074,7 +3074,7 @@ static int dissect_vlr_Capability_impl(packet_info *pinfo, proto_tree *tree, tvb int dissect_gsm_map_GSN_Address(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { -#line 524 "gsmmap.cnf" +#line 525 "gsmmap.cnf" tvbuff_t *parameter_tvb; guint8 octet; @@ -3470,7 +3470,7 @@ static int dissect_numberOfRequestedVectors(packet_info *pinfo, proto_tree *tree int dissect_gsm_map_LAIFixedLength(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { -#line 572 "gsmmap.cnf" +#line 573 "gsmmap.cnf" tvbuff_t *parameter_tvb; proto_item *item; @@ -5565,7 +5565,7 @@ static int dissect_gsm_map_T_forwardingOptions(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { offset = dissect_gsm_map_Ext_ForwOptions(implicit_tag, tvb, offset, pinfo, tree, hf_index); -#line 459 "gsmmap.cnf" +#line 460 "gsmmap.cnf" proto_tree_add_item(tree, hf_gsm_map_notification_to_forwarding_party, tvb, 0,1,FALSE); proto_tree_add_item(tree, hf_gsm_map_redirecting_presentation, tvb, 0,1,FALSE); @@ -6994,7 +6994,7 @@ static int dissect_pdp_ContextIdentifier_impl(packet_info *pinfo, proto_tree *tr static int dissect_gsm_map_PDP_Type(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { -#line 470 "gsmmap.cnf" +#line 471 "gsmmap.cnf" guint8 pdp_type_org; tvbuff_t *parameter_tvb; @@ -7043,7 +7043,7 @@ static int dissect_pdp_Address_impl(packet_info *pinfo, proto_tree *tree, tvbuff int dissect_gsm_map_QoS_Subscribed(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { -#line 496 "gsmmap.cnf" +#line 497 "gsmmap.cnf" tvbuff_t *parameter_tvb; @@ -7089,7 +7089,7 @@ static int dissect_lcsAPN_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *t int dissect_gsm_map_Ext_QoS_Subscribed(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { -#line 510 "gsmmap.cnf" +#line 511 "gsmmap.cnf" tvbuff_t *parameter_tvb; @@ -8319,7 +8319,7 @@ dissect_gsm_map_ForwardingOptions(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index, NULL); -#line 453 "gsmmap.cnf" +#line 454 "gsmmap.cnf" proto_tree_add_item(tree, hf_gsm_map_notification_to_forwarding_party, tvb, 0,1,FALSE); proto_tree_add_item(tree, hf_gsm_map_redirecting_presentation, tvb, 0,1,FALSE); @@ -9201,7 +9201,7 @@ static int dissect_subscriberState(packet_info *pinfo, proto_tree *tree, tvbuff_ int dissect_gsm_map_RAIdentity(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { -#line 554 "gsmmap.cnf" +#line 555 "gsmmap.cnf" tvbuff_t *parameter_tvb; proto_item *item; @@ -10578,6 +10578,7 @@ dissect_gsm_map_USSD_String(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset guint8 octet; guint8 length; guint8 out_len; + /* XXX - The maximum item label length is 240. Does this really need to be 1024? */ static char bigbuf[1024]; octet = tvb_get_guint8(tvb,0); @@ -10587,7 +10588,7 @@ dissect_gsm_map_USSD_String(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset tvb_get_ptr(tvb, offset+2, length), bigbuf); bigbuf[out_len] = '\0'; gsm_sms_char_ascii_decode(bigbuf, bigbuf, out_len); - bigbuf[1024] = '\0'; + bigbuf[1023] = '\0'; proto_tree_add_text(tree, tvb, offset+2, length, "USSD String: %s", bigbuf); diff --git a/epan/dissectors/packet-gsm_map.h b/epan/dissectors/packet-gsm_map.h index 71e5737e14..5641dbddff 100644 --- a/epan/dissectors/packet-gsm_map.h +++ b/epan/dissectors/packet-gsm_map.h @@ -1,6 +1,6 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Ethereal dissector compiler */ -/* .\packet-gsm_map.h */ +/* ./packet-gsm_map.h */ /* ../../tools/asn2eth.py -X -b -e -p gsm_map -c gsmmap.cnf -s packet-gsm_map-template GSMMAP.asn */ /* Input file: packet-gsm_map-template.h */ |