Compare commits
No commits in common. 'c9' and 'i9' have entirely different histories.
@ -1,29 +0,0 @@
|
|||||||
From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: John Thacker <johnthacker@gmail.com>
|
|
||||||
Date: Sat, 20 May 2023 23:08:08 -0400
|
|
||||||
Subject: [PATCH] synphasor: Use val_to_str_const
|
|
||||||
|
|
||||||
Don't use a value from packet data to directly index a value_string,
|
|
||||||
particularly when the value string doesn't cover all possible values.
|
|
||||||
|
|
||||||
Fix #19087
|
|
||||||
---
|
|
||||||
epan/dissectors/packet-synphasor.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
|
|
||||||
index 536847f7502..fdc9e282b3a 100644
|
|
||||||
--- a/epan/dissectors/packet-synphasor.c
|
|
||||||
+++ b/epan/dissectors/packet-synphasor.c
|
|
||||||
@@ -1211,7 +1211,7 @@ static gint dissect_PHSCALE(tvbuff_t *tvb, proto_tree *tree, gint offset, gint c
|
|
||||||
|
|
||||||
data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
|
|
||||||
ett_conf_phflags, NULL, "Phasor Data flags: %s",
|
|
||||||
- conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
|
|
||||||
+ val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
|
|
||||||
|
|
||||||
/* first and second bytes - phasor modification flags*/
|
|
||||||
phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
@ -1,116 +0,0 @@
|
|||||||
From 28fdce547c417b868c521f87fb58f71ca6b1e3f7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gerald Combs <gerald@wireshark.org>
|
|
||||||
Date: Thu, 18 May 2023 13:52:48 -0700
|
|
||||||
Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
|
|
||||||
|
|
||||||
Use the proper dest_size in various g_strlcpy calls.
|
|
||||||
|
|
||||||
Fixes #19085
|
|
||||||
---
|
|
||||||
epan/dissectors/packet-rtps.c | 22 +++++++++++-----------
|
|
||||||
1 file changed, 11 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
|
|
||||||
index 2884e86faa1..a39202952f6 100644
|
|
||||||
--- a/epan/dissectors/packet-rtps.c
|
|
||||||
+++ b/epan/dissectors/packet-rtps.c
|
|
||||||
@@ -4944,7 +4944,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
|
|
||||||
++tk_id;
|
|
||||||
}
|
|
||||||
|
|
||||||
- g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
|
|
||||||
+ g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
|
|
||||||
|
|
||||||
/* Structure of the typecode data:
|
|
||||||
*
|
|
||||||
@@ -5115,7 +5115,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
|
|
||||||
member_name, -1, NULL, ndds_40_hack);
|
|
||||||
}
|
|
||||||
/* Finally prints the name of the struct (if provided) */
|
|
||||||
- g_strlcpy(type_name, "}", 40);
|
|
||||||
+ g_strlcpy(type_name, "}", sizeof(type_name));
|
|
||||||
break;
|
|
||||||
|
|
||||||
} /* end of case UNION */
|
|
||||||
@@ -5286,7 +5286,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Finally prints the name of the struct (if provided) */
|
|
||||||
- g_strlcpy(type_name, "}", 40);
|
|
||||||
+ g_strlcpy(type_name, "}", sizeof(type_name));
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -5378,7 +5378,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
|
|
||||||
offset += 4;
|
|
||||||
alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
|
|
||||||
offset += alias_name_length;
|
|
||||||
- g_strlcpy(type_name, alias_name, 40);
|
|
||||||
+ g_strlcpy(type_name, alias_name, sizeof(type_name));
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -5413,7 +5413,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
|
|
||||||
if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
|
|
||||||
type_id_name = "valueparam";
|
|
||||||
}
|
|
||||||
- g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
|
|
||||||
+ g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
} /* switch(tk_id) */
|
|
||||||
@@ -5577,7 +5577,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
|
|
||||||
long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
|
|
||||||
name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
|
|
||||||
if (info)
|
|
||||||
- g_strlcpy(info->member_name, name, long_number);
|
|
||||||
+ g_strlcpy(info->member_name, name, sizeof(info->member_name));
|
|
||||||
|
|
||||||
proto_item_append_text(tree, " %s", name);
|
|
||||||
offset += member_length;
|
|
||||||
@@ -5753,13 +5753,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
|
|
||||||
proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
|
|
||||||
if (member_object) {
|
|
||||||
member_object->member_id = member_id;
|
|
||||||
- g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
|
|
||||||
+ g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
|
|
||||||
member_object->type_id = member_type_id;
|
|
||||||
}
|
|
||||||
if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
|
|
||||||
mutable_member_mapping * mutable_mapping = NULL;
|
|
||||||
mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
|
|
||||||
- g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
|
|
||||||
+ g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
|
|
||||||
mutable_mapping->struct_type_id = info->type_id;
|
|
||||||
mutable_mapping->member_type_id = member_type_id;
|
|
||||||
mutable_mapping->member_id = member_id;
|
|
||||||
@@ -5814,7 +5814,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
|
|
||||||
union_member_mapping * mapping = NULL;
|
|
||||||
|
|
||||||
mapping = wmem_new(wmem_file_scope(), union_member_mapping);
|
|
||||||
- g_strlcpy(mapping->member_name, object.member_name, 256);
|
|
||||||
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
|
|
||||||
mapping->member_type_id = object.type_id;
|
|
||||||
mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
|
|
||||||
mapping->union_type_id = union_type_id + mapping->discriminator;
|
|
||||||
@@ -5827,7 +5827,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
|
|
||||||
union_member_mapping * mapping = NULL;
|
|
||||||
|
|
||||||
mapping = wmem_new(wmem_file_scope(), union_member_mapping);
|
|
||||||
- g_strlcpy(mapping->member_name, object.member_name, 256);
|
|
||||||
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
|
|
||||||
mapping->member_type_id = object.type_id;
|
|
||||||
mapping->discriminator = -1;
|
|
||||||
mapping->union_type_id = union_type_id + mapping->discriminator;
|
|
||||||
@@ -5847,7 +5847,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
|
|
||||||
ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
|
|
||||||
offset_tmp += 4;
|
|
||||||
|
|
||||||
- g_strlcpy(mapping->member_name, object.member_name, 256);
|
|
||||||
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
|
|
||||||
mapping->member_type_id = object.type_id;
|
|
||||||
mapping->discriminator = discriminator_case;
|
|
||||||
mapping->union_type_id = union_type_id + discriminator_case;
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
@ -1,93 +0,0 @@
|
|||||||
From 74017383c8c73f25d12ef847c96854641f88fae4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Guy Harris <gharris@sonic.net>
|
|
||||||
Date: Fri, 19 May 2023 16:29:45 -0700
|
|
||||||
Subject: [PATCH] netscaler: add more checks to make sure the record is within
|
|
||||||
the page.
|
|
||||||
|
|
||||||
Whie we're at it, restructure some other checks to test-before-casting -
|
|
||||||
it's OK to test afterwards, but testing before makes it follow the
|
|
||||||
pattern used elsewhere.
|
|
||||||
|
|
||||||
Fixes #19081.
|
|
||||||
|
|
||||||
|
|
||||||
(cherry picked from commit cb190d6839ddcd4596b0205844f45553f1e77105)
|
|
||||||
---
|
|
||||||
wiretap/netscaler.c | 15 ++++++++++-----
|
|
||||||
1 file changed, 10 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c
|
|
||||||
index 8dcbd42a089..b94caca0869 100644
|
|
||||||
--- a/wiretap/netscaler.c
|
|
||||||
+++ b/wiretap/netscaler.c
|
|
||||||
@@ -1114,13 +1114,13 @@ static gboolean nstrace_set_start_time(wtap *wth, int file_version, int *err,
|
|
||||||
|
|
||||||
#define PACKET_DESCRIBE(rec,buf,FULLPART,fullpart,ver,type,HEADERVER) \
|
|
||||||
do {\
|
|
||||||
- nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\
|
|
||||||
/* Make sure the record header is entirely contained in the page */\
|
|
||||||
- if ((nstrace_buflen - nstrace_buf_offset) < sizeof *type) {\
|
|
||||||
+ if ((nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_pktrace##fullpart##_v##ver##_t)) {\
|
|
||||||
*err = WTAP_ERR_BAD_FILE;\
|
|
||||||
*err_info = g_strdup("nstrace: record header crosses page boundary");\
|
|
||||||
return FALSE;\
|
|
||||||
}\
|
|
||||||
+ nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\
|
|
||||||
/* Check sanity of record size */\
|
|
||||||
if (pletoh16(&type->nsprRecordSize) < sizeof *type) {\
|
|
||||||
*err = WTAP_ERR_BAD_FILE;\
|
|
||||||
@@ -1186,6 +1186,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
|
|
||||||
|
|
||||||
case NSPR_ABSTIME_V10:
|
|
||||||
{
|
|
||||||
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
|
|
||||||
+ return FALSE;
|
|
||||||
nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
|
|
||||||
if (pletoh16(&fp->nsprRecordSize) == 0) {
|
|
||||||
*err = WTAP_ERR_BAD_FILE;
|
|
||||||
@@ -1199,6 +1201,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
|
|
||||||
|
|
||||||
case NSPR_RELTIME_V10:
|
|
||||||
{
|
|
||||||
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
|
|
||||||
+ return FALSE;
|
|
||||||
nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
|
|
||||||
if (pletoh16(&fp->nsprRecordSize) == 0) {
|
|
||||||
*err = WTAP_ERR_BAD_FILE;
|
|
||||||
@@ -1216,6 +1220,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
|
|
||||||
|
|
||||||
default:
|
|
||||||
{
|
|
||||||
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
|
|
||||||
+ return FALSE;
|
|
||||||
nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
|
|
||||||
if (pletoh16(&fp->nsprRecordSize) == 0) {
|
|
||||||
*err = WTAP_ERR_BAD_FILE;
|
|
||||||
@@ -1500,14 +1506,14 @@ static gboolean nstrace_read_v20(wtap *wth, wtap_rec *rec, Buffer *buf,
|
|
||||||
|
|
||||||
#define PACKET_DESCRIBE(rec,buf,FULLPART,ver,enumprefix,type,structname,HEADERVER)\
|
|
||||||
do {\
|
|
||||||
- nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\
|
|
||||||
/* Make sure the record header is entirely contained in the page */\
|
|
||||||
- if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof *fp) {\
|
|
||||||
+ if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_##structname##_t)) {\
|
|
||||||
*err = WTAP_ERR_BAD_FILE;\
|
|
||||||
*err_info = g_strdup("nstrace: record header crosses page boundary");\
|
|
||||||
g_free(nstrace_tmpbuff);\
|
|
||||||
return FALSE;\
|
|
||||||
}\
|
|
||||||
+ nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\
|
|
||||||
(rec)->rec_type = REC_TYPE_PACKET;\
|
|
||||||
TIMEDEFV##ver((rec),fp,type);\
|
|
||||||
FULLPART##SIZEDEFV##ver((rec),fp,ver);\
|
|
||||||
@@ -1615,7 +1621,6 @@ static gboolean nstrace_read_v30(wtap *wth, wtap_rec *rec, Buffer *buf,
|
|
||||||
g_free(nstrace_tmpbuff);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
hdp = (nspr_hd_v20_t *) &nstrace_buf[nstrace_buf_offset];
|
|
||||||
if (nspr_getv20recordsize(hdp) == 0) {
|
|
||||||
*err = WTAP_ERR_BAD_FILE;
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
@ -1,67 +0,0 @@
|
|||||||
From da017472e69453011ea28571f192cbc79cba7f5c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Guy Harris <gharris@sonic.net>
|
|
||||||
Date: Thu, 18 May 2023 15:03:23 -0700
|
|
||||||
Subject: [PATCH] vms: fix the search for the packet length field.
|
|
||||||
|
|
||||||
The packet length field is of the form
|
|
||||||
|
|
||||||
Total Length = DDD = ^xXXX
|
|
||||||
|
|
||||||
where "DDD" is the length in decimal and "XXX" is the length in
|
|
||||||
hexadecimal.
|
|
||||||
|
|
||||||
Search for "length ". not just "Length", as we skip past "Length ", not
|
|
||||||
just "Length", so if we assume we found "Length " but only found
|
|
||||||
"Length", we'd skip past the end of the string.
|
|
||||||
|
|
||||||
While we're at it, fail if we don't find a length field, rather than
|
|
||||||
just blithely acting as if the packet length were zero.
|
|
||||||
|
|
||||||
Fixes #19083.
|
|
||||||
|
|
||||||
|
|
||||||
(cherry picked from commit db5135826de3a5fdb3618225c2ff02f4207012ca)
|
|
||||||
---
|
|
||||||
wiretap/vms.c | 9 ++++++++-
|
|
||||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/wiretap/vms.c b/wiretap/vms.c
|
|
||||||
index 00da6ff359e..c21b26e6be0 100644
|
|
||||||
--- a/wiretap/vms.c
|
|
||||||
+++ b/wiretap/vms.c
|
|
||||||
@@ -322,6 +322,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
|
|
||||||
{
|
|
||||||
char line[VMS_LINE_LENGTH + 1];
|
|
||||||
int num_items_scanned;
|
|
||||||
+ gboolean have_pkt_len = FALSE;
|
|
||||||
guint32 pkt_len = 0;
|
|
||||||
int pktnum;
|
|
||||||
int csec = 101;
|
|
||||||
@@ -378,7 +379,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- if ( (! pkt_len) && (p = strstr(line, "Length"))) {
|
|
||||||
+ if ( (! have_pkt_len) && (p = strstr(line, "Length "))) {
|
|
||||||
p += sizeof("Length ");
|
|
||||||
while (*p && ! g_ascii_isdigit(*p))
|
|
||||||
p++;
|
|
||||||
@@ -394,9 +395,15 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
|
|
||||||
*err_info = g_strdup_printf("vms: Length field '%s' not valid", p);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
+ have_pkt_len = TRUE;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
} while (! isdumpline(line));
|
|
||||||
+ if (! have_pkt_len) {
|
|
||||||
+ *err = WTAP_ERR_BAD_FILE;
|
|
||||||
+ *err_info = g_strdup_printf("vms: Length field not found");
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
|
|
||||||
/*
|
|
||||||
* Probably a corrupt capture file; return an error,
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
@ -1,103 +0,0 @@
|
|||||||
From 0181fafb2134a177328443a60b5e29c4ee1041cb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Guy Harris <gharris@sonic.net>
|
|
||||||
Date: Tue, 16 May 2023 12:05:07 -0700
|
|
||||||
Subject: [PATCH] candump: check for a too-long frame length.
|
|
||||||
|
|
||||||
If the frame length is longer than the maximum, report an error in the
|
|
||||||
file.
|
|
||||||
|
|
||||||
Fixes #19062, preventing the overflow on a buffer on the stack (assuming
|
|
||||||
your compiler doesn't call a bounds-checknig version of memcpy() if the
|
|
||||||
size of the target space is known).
|
|
||||||
---
|
|
||||||
wiretap/candump.c | 39 +++++++++++++++++++++++++++++++--------
|
|
||||||
1 file changed, 31 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/wiretap/candump.c b/wiretap/candump.c
|
|
||||||
index 62f89e7b564..43863b45cf7 100644
|
|
||||||
--- a/wiretap/candump.c
|
|
||||||
+++ b/wiretap/candump.c
|
|
||||||
@@ -34,8 +34,9 @@ void register_candump(void);
|
|
||||||
wtap_rec *rec, Buffer *buf,
|
|
||||||
int *err, gchar **err_info);
|
|
||||||
|
|
||||||
-static void
|
|
||||||
-candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
|
|
||||||
+static gboolean
|
|
||||||
+candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg, int *err,
|
|
||||||
+ gchar **err_info)
|
|
||||||
{
|
|
||||||
static const char *can_proto_name = "can-hostendian";
|
|
||||||
static const char *canfd_proto_name = "canfd";
|
|
||||||
@@ -56,6 +57,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
|
|
||||||
{
|
|
||||||
canfd_frame_t canfd_frame = {0};
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * There's a maximum of CANFD_MAX_DLEN bytes in a CAN-FD frame.
|
|
||||||
+ */
|
|
||||||
+ if (msg->data.length > CANFD_MAX_DLEN) {
|
|
||||||
+ *err = WTAP_ERR_BAD_FILE;
|
|
||||||
+ if (err_info != NULL) {
|
|
||||||
+ *err_info = g_strdup_printf("candump: File has %u-byte CAN FD packet, bigger than maximum of %u",
|
|
||||||
+ msg->data.length, CANFD_MAX_DLEN);
|
|
||||||
+ }
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
canfd_frame.can_id = msg->id;
|
|
||||||
canfd_frame.flags = msg->flags;
|
|
||||||
canfd_frame.len = msg->data.length;
|
|
||||||
@@ -67,6 +80,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
|
|
||||||
{
|
|
||||||
can_frame_t can_frame = {0};
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * There's a maximum of CAN_MAX_DLEN bytes in a CAN frame.
|
|
||||||
+ */
|
|
||||||
+ if (msg->data.length > CAN_MAX_DLEN) {
|
|
||||||
+ *err = WTAP_ERR_BAD_FILE;
|
|
||||||
+ if (err_info != NULL) {
|
|
||||||
+ *err_info = g_strdup_printf("candump: File has %u-byte CAN packet, bigger than maximum of %u",
|
|
||||||
+ msg->data.length, CAN_MAX_DLEN);
|
|
||||||
+ }
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
can_frame.can_id = msg->id;
|
|
||||||
can_frame.can_dlc = msg->data.length;
|
|
||||||
memcpy(can_frame.data, msg->data.data, msg->data.length);
|
|
||||||
@@ -82,6 +107,8 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
|
|
||||||
|
|
||||||
rec->rec_header.packet_header.caplen = packet_length;
|
|
||||||
rec->rec_header.packet_header.len = packet_length;
|
|
||||||
+
|
|
||||||
+ return TRUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
static gboolean
|
|
||||||
@@ -188,9 +215,7 @@ candump_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info,
|
|
||||||
ws_debug_printf("%s: Stopped at offset %" PRIi64 "\n", G_STRFUNC, file_tell(wth->fh));
|
|
||||||
#endif
|
|
||||||
|
|
||||||
- candump_write_packet(rec, buf, &msg);
|
|
||||||
-
|
|
||||||
- return TRUE;
|
|
||||||
+ return candump_write_packet(rec, buf, &msg, err, err_info);
|
|
||||||
}
|
|
||||||
|
|
||||||
static gboolean
|
|
||||||
@@ -214,9 +239,7 @@ candump_seek_read(wtap *wth , gint64 seek_off, wtap_rec *rec,
|
|
||||||
if (!candump_parse(wth->random_fh, &msg, NULL, err, err_info))
|
|
||||||
return FALSE;
|
|
||||||
|
|
||||||
- candump_write_packet(rec, buf, &msg);
|
|
||||||
-
|
|
||||||
- return TRUE;
|
|
||||||
+ return candump_write_packet(rec, buf, &msg, err, err_info);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
@ -1,98 +0,0 @@
|
|||||||
From e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gerald Combs <gerald@wireshark.org>
|
|
||||||
Date: Tue, 23 May 2023 13:52:03 -0700
|
|
||||||
Subject: [PATCH] XRA: Fix an infinite loop
|
|
||||||
|
|
||||||
C compilers don't care what size a value was on the wire. Use
|
|
||||||
naturally-sized ints, including in dissect_message_channel_mb where we
|
|
||||||
would otherwise overflow and loop infinitely.
|
|
||||||
|
|
||||||
Fixes #19100
|
|
||||||
|
|
||||||
(cherry picked from commit ce87eac0325581b600b3093fcd75080df14ccfda)
|
|
||||||
|
|
||||||
Conflicts:
|
|
||||||
epan/dissectors/packet-xra.c
|
|
||||||
---
|
|
||||||
epan/dissectors/packet-xra.c | 16 ++++++++--------
|
|
||||||
1 file changed, 8 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/epan/dissectors/packet-xra.c b/epan/dissectors/packet-xra.c
|
|
||||||
index ef8437e9382..4c3713db94b 100644
|
|
||||||
--- a/epan/dissectors/packet-xra.c
|
|
||||||
+++ b/epan/dissectors/packet-xra.c
|
|
||||||
@@ -445,7 +445,7 @@ dissect_xra_tlv_cw_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint
|
|
||||||
it = proto_tree_add_item (tree, hf_xra_tlv_cw_info, tvb, 0, tlv_length, ENC_NA);
|
|
||||||
xra_tlv_cw_info_tree = proto_item_add_subtree (it, ett_xra_tlv_cw_info);
|
|
||||||
|
|
||||||
- guint32 tlv_index =0;
|
|
||||||
+ unsigned tlv_index = 0;
|
|
||||||
while (tlv_index < tlv_length) {
|
|
||||||
guint8 type = tvb_get_guint8 (tvb, tlv_index);
|
|
||||||
++tlv_index;
|
|
||||||
@@ -500,7 +500,7 @@ dissect_xra_tlv_ms_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint
|
|
||||||
it = proto_tree_add_item (tree, hf_xra_tlv_ms_info, tvb, 0, tlv_length, ENC_NA);
|
|
||||||
xra_tlv_ms_info_tree = proto_item_add_subtree (it, ett_xra_tlv_ms_info);
|
|
||||||
|
|
||||||
- guint32 tlv_index =0;
|
|
||||||
+ unsigned tlv_index = 0;
|
|
||||||
while (tlv_index < tlv_length) {
|
|
||||||
guint8 type = tvb_get_guint8 (tvb, tlv_index);
|
|
||||||
++tlv_index;
|
|
||||||
@@ -534,7 +534,7 @@ dissect_xra_tlv_burst_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, gu
|
|
||||||
it = proto_tree_add_item (tree, hf_xra_tlv_burst_info, tvb, 0, tlv_length, ENC_NA);
|
|
||||||
xra_tlv_burst_info_tree = proto_item_add_subtree (it, ett_xra_tlv_burst_info);
|
|
||||||
|
|
||||||
- guint32 tlv_index =0;
|
|
||||||
+ unsigned tlv_index = 0;
|
|
||||||
while (tlv_index < tlv_length) {
|
|
||||||
guint8 type = tvb_get_guint8 (tvb, tlv_index);
|
|
||||||
++tlv_index;
|
|
||||||
@@ -574,7 +574,7 @@ dissect_xra_tlv(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* da
|
|
||||||
it = proto_tree_add_item (tree, hf_xra_tlv, tvb, 0, tlv_length, ENC_NA);
|
|
||||||
xra_tlv_tree = proto_item_add_subtree (it, ett_xra_tlv);
|
|
||||||
|
|
||||||
- guint32 tlv_index =0;
|
|
||||||
+ unsigned tlv_index = 0;
|
|
||||||
tvbuff_t *xra_tlv_cw_info_tvb, *xra_tlv_ms_info_tvb, *xra_tlv_burst_info_tvb;
|
|
||||||
|
|
||||||
while (tlv_index < tlv_length) {
|
|
||||||
@@ -718,7 +718,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree
|
|
||||||
if(packet_start_pointer_field_present) {
|
|
||||||
proto_tree_add_item_ret_uint (tree, hf_plc_mb_mc_psp, tvb, 1, 2, FALSE, &packet_start_pointer);
|
|
||||||
|
|
||||||
- guint16 docsis_start = 3 + packet_start_pointer;
|
|
||||||
+ unsigned docsis_start = 3 + packet_start_pointer;
|
|
||||||
while (docsis_start + 6 < remaining_length) {
|
|
||||||
/*DOCSIS header in packet*/
|
|
||||||
guint8 fc = tvb_get_guint8(tvb,docsis_start + 0);
|
|
||||||
@@ -727,7 +727,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree
|
|
||||||
docsis_start += 1;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
- guint16 docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3);
|
|
||||||
+ unsigned docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3);
|
|
||||||
if (docsis_start + 6 + docsis_length <= remaining_length) {
|
|
||||||
/*DOCSIS packet included in packet*/
|
|
||||||
tvbuff_t *docsis_tvb;
|
|
||||||
@@ -797,7 +797,7 @@ dissect_ncp_message_block(tvbuff_t * tvb, proto_tree * tree) {
|
|
||||||
static int
|
|
||||||
dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _U_) {
|
|
||||||
|
|
||||||
- guint16 offset = 0;
|
|
||||||
+ int offset = 0;
|
|
||||||
proto_tree *plc_tree;
|
|
||||||
proto_item *plc_item;
|
|
||||||
tvbuff_t *mb_tvb;
|
|
||||||
@@ -857,7 +857,7 @@ dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _
|
|
||||||
|
|
||||||
static int
|
|
||||||
dissect_ncp(tvbuff_t * tvb, proto_tree * tree, void* data _U_) {
|
|
||||||
- guint16 offset = 0;
|
|
||||||
+ int offset = 0;
|
|
||||||
proto_tree *ncp_tree;
|
|
||||||
proto_item *ncp_item;
|
|
||||||
tvbuff_t *ncp_mb_tvb;
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
Loading…
Reference in new issue