wireshark/wireshark-0013-cve-2023-0666.patch
Michal Ruprich 0ad1647cc3 Resolves: #2210864 - Candump log file parser crash
Resolves: #2210865 VMS TCPIPtrace file parser crash
  Resolves: #2210868 NetScaler file parser crash
  Resolves: #2210870 RTPS dissector crash
  Resolves: #2210871 IEEE C37.118 Synchrophasor dissector crash
2023-06-07 14:04:34 +02:00

117 lines
5.3 KiB
Diff

From 28fdce547c417b868c521f87fb58f71ca6b1e3f7 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Thu, 18 May 2023 13:52:48 -0700
Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
Use the proper dest_size in various g_strlcpy calls.
Fixes #19085
---
epan/dissectors/packet-rtps.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
index 2884e86faa1..a39202952f6 100644
--- a/epan/dissectors/packet-rtps.c
+++ b/epan/dissectors/packet-rtps.c
@@ -4944,7 +4944,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
++tk_id;
}
- g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
+ g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
/* Structure of the typecode data:
*
@@ -5115,7 +5115,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
member_name, -1, NULL, ndds_40_hack);
}
/* Finally prints the name of the struct (if provided) */
- g_strlcpy(type_name, "}", 40);
+ g_strlcpy(type_name, "}", sizeof(type_name));
break;
} /* end of case UNION */
@@ -5286,7 +5286,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
}
}
/* Finally prints the name of the struct (if provided) */
- g_strlcpy(type_name, "}", 40);
+ g_strlcpy(type_name, "}", sizeof(type_name));
break;
}
@@ -5378,7 +5378,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
offset += 4;
alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
offset += alias_name_length;
- g_strlcpy(type_name, alias_name, 40);
+ g_strlcpy(type_name, alias_name, sizeof(type_name));
break;
}
@@ -5413,7 +5413,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
type_id_name = "valueparam";
}
- g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
+ g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
break;
}
} /* switch(tk_id) */
@@ -5577,7 +5577,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
if (info)
- g_strlcpy(info->member_name, name, long_number);
+ g_strlcpy(info->member_name, name, sizeof(info->member_name));
proto_item_append_text(tree, " %s", name);
offset += member_length;
@@ -5753,13 +5753,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
if (member_object) {
member_object->member_id = member_id;
- g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
+ g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
member_object->type_id = member_type_id;
}
if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
mutable_member_mapping * mutable_mapping = NULL;
mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
- g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
+ g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
mutable_mapping->struct_type_id = info->type_id;
mutable_mapping->member_type_id = member_type_id;
mutable_mapping->member_id = member_id;
@@ -5814,7 +5814,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
union_member_mapping * mapping = NULL;
mapping = wmem_new(wmem_file_scope(), union_member_mapping);
- g_strlcpy(mapping->member_name, object.member_name, 256);
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
mapping->member_type_id = object.type_id;
mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
mapping->union_type_id = union_type_id + mapping->discriminator;
@@ -5827,7 +5827,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
union_member_mapping * mapping = NULL;
mapping = wmem_new(wmem_file_scope(), union_member_mapping);
- g_strlcpy(mapping->member_name, object.member_name, 256);
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
mapping->member_type_id = object.type_id;
mapping->discriminator = -1;
mapping->union_type_id = union_type_id + mapping->discriminator;
@@ -5847,7 +5847,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
offset_tmp += 4;
- g_strlcpy(mapping->member_name, object.member_name, 256);
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
mapping->member_type_id = object.type_id;
mapping->discriminator = discriminator_case;
mapping->union_type_id = union_type_id + discriminator_case;
--
GitLab