cffa7e37ec
Resolves: #2210867 - NetScaler file parser crash Resolves: #2210869 - RTPS dissector crash
From da017472e69453011ea28571f192cbc79cba7f5c Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Thu, 18 May 2023 15:03:23 -0700
Subject: [PATCH] vms: fix the search for the packet length field.
The packet length field is of the form
Total Length = DDD = ^xXXX
where "DDD" is the length in decimal and "XXX" is the length in
hexadecimal.
Search for "Length ", not just "Length", as we skip past "Length ", not
just "Length", so if we assume we found "Length " but only found
"Length", we'd skip past the end of the string.
While we're at it, fail if we don't find a length field, rather than
just blithely acting as if the packet length were zero.
Fixes #19083.
(cherry picked from commit db5135826de3a5fdb3618225c2ff02f4207012ca)
---
wiretap/vms.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
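diff --git a/wiretap/vms.c b/wiretap/vms.c
index 00da6ff359e..c21b26e6be0 100644
--- a/wiretap/vms.c
+++ b/wiretap/vms.c
@@ -322,6 +322,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
 {
 char line[VMS_LINE_LENGTH + 1];
 int num_items_scanned;
+ gboolean have_pkt_len = FALSE;
 guint32 pkt_len = 0;
 int pktnum;
 int csec = 101;
@@ -378,7 +379,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
 return FALSE;
 }
 }
- if ( (! pkt_len) && (p = strstr(line, "Length"))) {
+ if ( (! have_pkt_len) && (p = strstr(line, "Length "))) {
 p += sizeof("Length ");
 while (*p && ! g_ascii_isdigit(*p))
 p++;
@@ -394,9 +395,15 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
 *err_info = g_strdup_printf("vms: Length field '%s' not valid", p);
 return FALSE;
 }
+ have_pkt_len = TRUE;
 break;
 }
 } while (! isdumpline(line));
+ if (! have_pkt_len) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("vms: Length field not found");
+ return FALSE;
+ }
 if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
 /*
 * Probably a corrupt capture file; return an error,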
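Review bot: In the second hunk (`@@ -378,7 +379,7 @@`), the unchanged line `p += sizeof("Length ");` still advances eight bytes, because `sizeof` counts the literal's terminating NUL, while the new `strstr(line, "Length ")` match guarantees only seven. On a line that ends immediately after "Length " this leaves `p` one byte past the terminator, so the `*p` test in the following `while` reads beyond the string; whether that byte still lies inside `line` depends on how long the line is. Advancing by the matched length only, `p += sizeof("Length ") - 1;`, keeps `p` at or before the NUL, and the existing non-digit skip loop already steps over the `=` that the extra byte was consuming. The body of `parse_vms_packet` starts and ends outside these hunks, so the rest of the length parsing is not visible here.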
--
GitLab