From da017472e69453011ea28571f192cbc79cba7f5c Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Thu, 18 May 2023 15:03:23 -0700 Subject: [PATCH] vms: fix the search for the packet length field. The packet length field is of the form Total Length = DDD = ^xXXX where "DDD" is the length in decimal and "XXX" is the length in hexadecimal. Search for "length ". not just "Length", as we skip past "Length ", not just "Length", so if we assume we found "Length " but only found "Length", we'd skip past the end of the string. While we're at it, fail if we don't find a length field, rather than just blithely acting as if the packet length were zero. Fixes #19083. (cherry picked from commit db5135826de3a5fdb3618225c2ff02f4207012ca) --- wiretap/vms.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/wiretap/vms.c b/wiretap/vms.c index 00da6ff359e..c21b26e6be0 100644 --- a/wiretap/vms.c +++ b/wiretap/vms.c @@ -322,6 +322,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in { char line[VMS_LINE_LENGTH + 1]; int num_items_scanned; + gboolean have_pkt_len = FALSE; guint32 pkt_len = 0; int pktnum; int csec = 101; @@ -378,7 +379,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in return FALSE; } } - if ( (! pkt_len) && (p = strstr(line, "Length"))) { + if ( (! have_pkt_len) && (p = strstr(line, "Length "))) { p += sizeof("Length "); while (*p && ! g_ascii_isdigit(*p)) p++; @@ -394,9 +395,15 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in *err_info = g_strdup_printf("vms: Length field '%s' not valid", p); return FALSE; } + have_pkt_len = TRUE; break; } } while (! isdumpline(line)); + if (! have_pkt_len) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup_printf("vms: Length field not found"); + return FALSE; + } if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, -- GitLab