代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/wireshark 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 2fbbde780e5d5d82e31dca656217daf278cf62bb Mon Sep 17 00:00:00 2001
From: Dario Lombardo <[email protected]>
Date: Tue, 5 Mar 2019 17:25:24 +0100
Subject: [PATCH] netscaler: add more sanity checks.
Fix more crashes found in the provided bug report.
Bug: 15497
Change-Id: If84498fa879ad56c8677f8c1442a8dc0e5906003
Reviewed-on: https://code.wireshark.org/review/32333
Petri-Dish: Dario Lombardo <[email protected]>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <[email protected]>
(cherry picked from commit 134a513dd59315d67866f238459fdee6347f1055)
Reviewed-on: https://code.wireshark.org/review/32422
(cherry picked from commit fc8367a50516e832be960a9001ccdb09ced9b27f)
Reviewed-on: https://code.wireshark.org/review/32430
Reviewed-by: Guy Harris <[email protected]>
---
wiretap/netscaler.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c
index c88c082..fc350e2 100644
--- a/wiretap/netscaler.c
+++ b/wiretap/netscaler.c
@@ -653,6 +653,20 @@ static gboolean nstrace_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
#define GET_READ_PAGE_SIZE(remaining_file_size) ((gint32)((remaining_file_size>NSPR_PAGESIZE)?NSPR_PAGESIZE:remaining_file_size))
#define GET_READ_PAGE_SIZEV3(remaining_file_size) ((gint32)((remaining_file_size>NSPR_PAGESIZE_TRACE)?NSPR_PAGESIZE_TRACE:remaining_file_size))
+/*
+ * Check whether we have enough room to retrieve the data in the caller.
+ * If not, we have a malformed file.
+ */
+static gboolean nstrace_ensure_buflen(nstrace_t* nstrace, guint offset, guint len, int *err, gchar** err_info)
+{
+ if (offset > nstrace->nstrace_buflen || nstrace->nstrace_buflen - offset < len) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup("nstrace: malformed file");
+ return FALSE;
+ }
+ return TRUE;
+}
+
static guint64 ns_hrtime2nsec(guint32 tm)
{
guint32 val = tm & NSPR_HRTIME_MASKTM;
@@ -940,6 +940,8 @@ nspm_signature_version(wtap *wth, gchar *nstrace_buf, gint32 len)
switch (nspr_getv##ver##recordtype(fp))\
{\
case NSPR_ABSTIME_V##ver:\
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_abstime_v##ver##_t), err, err_info))\
+ return FALSE;\
ns_setabstime(nstrace, pletoh32(&((nspr_abstime_v##ver##_t *) fp)->abs_Time), pletoh16(&((nspr_abstime_v##ver##_t *) fp)->abs_RelTime));\
nstrace->nstrace_buf_offset = nstrace_buf_offset + nspr_getv##ver##recordsize(fp);\
nstrace->nstrace_buflen = nstrace_buflen;\
@@ -1330,6 +1332,8 @@ static gboolean nstrace_read_v20(wtap *wth, int *err, gchar **err_info, gint64 *
case NSPR_RELTIME_V20:
{
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_hd_v20_t), err, err_info))
+ return FALSE;
nspr_pktracefull_v20_t *fp20 = (nspr_pktracefull_v20_t *) &nstrace_buf[nstrace_buf_offset];
if (nspr_getv20recordsize((nspr_hd_v20_t *)fp20) == 0) {
*err = WTAP_ERR_BAD_FILE;
--
2.7.4
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手