Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [patch] address_to_str_buf not checking available buffer len

Date Prev · Date Next · Thread Prev · Thread Next
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 31 Jan 2007 15:27:40 -0800
Checked in, with the error string changed to "[Buffer too small]".  Thanks!

Andrej Mikus wrote:
> Accepted or not, I needed to do something to get my working copy
> compiled. Attached is the patch if you like to use it.
> 
> Thanks
> Andrej
> 
> On Wed, 31.Jan.07 12:29:30 +0100, Andrej Mikus wrote:
>> On Mon, 29.Jan.07 12:49:00 -0800, Gerald Combs wrote:
>>> Andrej Mikus wrote:
>>>
>>>> In file to_str.c I notice function address_to_str_buf that takes buf_len
>>>> as argument, but does not use it for IPv4 and IPv6 addresses:
>>>>
>>> Unfortunately, there wasn't a mechanism to ensure that the buffer was
>>> big enough.  I've checked in a change (r20607) that should fix this.  It
>>> looks like this could potentially affect the ISUP statistics, so I'll
>>> add it to the advisory list for 0.99.5.
>> I was planning to propose a patch already (attached), so this allowed me
>> to see how Subversion handles conflicts :-)
>>
>> IMO, the function should return an error string instead of cowardly
>> bailing out with an empty string.
>>
>> inet_ntop does the latter by default, so it does not need any additional
>> check, just passing buf_len instead of INET6_ADDRSTRLEN.
>>
>> At the other side I like the check you made into ip_to_str_buf.
>>
>> My proposal would be to combine the patches and use MAX_IP_STR_LEN,
>> and approach below for both IPv4 and IPv6 in address_to_str_buf.
>>
>>    case AT_IPv6:
>> +<<<<<<< .mine
>> +    if ( inet_ntop(AF_INET6, addr->data, buf, buf_len) == NULL ) /* Returns NULL if no space and does not touch buf */
>> +       g_snprintf ( buf, buf_len, "@@@@@@@@" );                 /* Let the unexpected value alert user */
>>
>> If accepted, I am ready to supply a patch on top of current rev .r20649
>> Let me know pls.
>>
>> Andrej
> 
> 
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> http://www.wireshark.org/mailman/listinfo/wireshark-dev
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev