Wireshark-bugs: [Wireshark-bugs] [Bug 11056] New: Missing Sanity Checks for library calls in Wir
Date: Thu, 12 Mar 2015 20:22:55 +0000
Bug ID 11056
Summary Missing Sanity Checks for library calls in Wireshark 1.12.4
Product Wireshark
Version 1.12.4
Hardware All
OS Linux (other)
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter wp02855@gmail.com

Created attachment 13509 [details]
patch file(s) for above bug report...

Build Information:
N/A
--
Hello All,

   In doing some code review of Wireshark 1.12.4, I found some calls to
library functions lacking a sanity check, which could cause some
potential issues to arise when Wireshark is in use.

In directory 'wireshark-1.12.4/echld', file 'common.c' I found
a call to fcntl() missing a test for a return value < 0,
indicating failure.  The patch file below corrects this issue:

--- common.c.orig       2015-03-12 10:47:50.319275638 -0700
+++ common.c    2015-03-12 10:49:38.104974646 -0700
@@ -187,7 +187,10 @@

 void echld_reset_reader(echld_reader_t* r, int fd, size_t initial) {
        r->fd = fd;
-       fcntl(fd, F_SETFL, O_NONBLOCK);
+       if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
+           fprintf(stderr, "Unable to set non blocking on file...\n");
+           return;
+       }

        if (r->data == NULL) {
                r->actual_len = initial;
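
Review bot: The early `return` in the new fcntl() check leaves the reader half-initialised: `r->fd = fd` has already run, but the `r->data == NULL` setup that follows is skipped, and because echld_reset_reader() returns void the caller cannot see that anything failed. Either report the error and continue with the buffer setup, or change the function to return a status that callers check. Separately, `fcntl(fd, F_SETFL, O_NONBLOCK)` replaces the descriptor's file status flags instead of adding to them; reading the current flags with F_GETFL and OR-ing in O_NONBLOCK would preserve whatever was already set, and including strerror(errno) in the message would make the failure diagnosable.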

In directory 'wireshark-1.12.4/asn1/kerberos', file
'packet-kerberos-template.c'
I found a call to 'fseek()' without a check for a return value < 0,
indicating failure.  The patch file below corrects this issue:

--- packet-kerberos-template.c.orig     2015-03-12 10:37:33.665902165 -0700
+++ packet-kerberos-template.c  2015-03-12 10:40:17.812764387 -0700
@@ -662,7 +662,10 @@
                        sk->contents = g_memdup(buf + 2, DES3_KEY_SIZE);
                        g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service
key file, key #%d, offset %ld", count, ftell(skf));
                        service_key_list = g_slist_append(service_key_list,
(gpointer) sk);
-                       fseek(skf, newline_skip, SEEK_CUR);
+                       if (fseek(skf, newline_skip, SEEK_CUR) == -1) {
+                           fprintf(stderr, "Unable to seek on skf...\n");
+                           return;
+                       }
                        count++;
 g_warning("added key: %s", sk->origin);
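
Review bot: The `return` on fseek() failure exits partway through reading the key file (note `count++` just below), after the key has already been appended to `service_key_list`, and nothing on this path closes `skf`. Breaking out of the read so that whatever cleanup follows still runs looks safer than returning here. The message should also go through `g_warning()`, as the neighbouring `g_warning("added key: %s", sk->origin);` line does, instead of `fprintf(stderr, ...)`, and since the C standard only promises a nonzero return from fseek() on failure, `!= 0` is a more robust test than `== -1`.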

 In directory 'wireshark-1.12.4/epan/dissectors', file 'packet-kerberos.c',
 I found a call to 'fseek()' without a check for a return value of < 0,
 indicating failure.  The patch file below corrects this issue:

 --- packet-kerberos.c.orig      2015-03-12 10:42:44.788444240 -0700
+++ packet-kerberos.c   2015-03-12 10:44:23.541995309 -0700
@@ -913,7 +913,10 @@
                        sk->contents = g_memdup(buf + 2, DES3_KEY_SIZE);
                        g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service
key file, key #%d, offset %ld", count, ftell(skf));
                        service_key_list = g_slist_append(service_key_list,
(gpointer) sk);
-                       fseek(skf, newline_skip, SEEK_CUR);
+                       if (fseek(skf, newline_skip, SEEK_CUR) < 0) {
+                           fprintf(stderr, "unable to seek...\n");
+                           return;
+                       }
                        count++;
 g_warning("added key: %s", sk->origin);
                }
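
Review bot: This fseek() check tests `< 0` and prints "unable to seek...", while the otherwise identical change in packet-kerberos-template.c tests `== -1` and prints "Unable to seek on skf..."; the two hunks should use one test (preferably `!= 0`) and one message so the files do not drift apart. If packet-kerberos.c is generated from the template, only the template needs patching and this file should be regenerated, not edited by hand. The same concerns about returning without closing `skf` and about bypassing `g_warning()` apply here.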

In directory 'wireshark-1.12.4/epan/ftypes', the files below contain
instances of strcpy(), which according to the developer's guide README
should be replaced with calls to g_snprintf().

ftype-pcre.c
ftype-string.c
ftype-time.c

I am attaching the patch files to this bug report.

Bill Parker (wp02855 at gmail dot com)