git.samba.org / metze / wireshark / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 84a9484)
From "temp4746":
authorAnders Broman <anders.broman@ericsson.com>
Thu, 10 Jan 2013 06:55:16 +0000 (06:55 -0000)
committerAnders Broman <anders.broman@ericsson.com>
Thu, 10 Jan 2013 06:55:16 +0000 (06:55 -0000)
wslua TvbRange:le_ustring/ustring buffer overflow's.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8175

svn path=/trunk/; revision=47012

epan/wslua/wslua_tvb.c patch | blob | history

diff --git a/epan/wslua/wslua_tvb.c b/epan/wslua/wslua_tvb.c
index 76fdb416d737e88203f27583337a93ca898bde9a..0cce36add35ce8e33f75cf1a515f4393b7e4bbbb 100644 (file)
--- a/epan/wslua/wslua_tvb.c
+++ b/epan/wslua/wslua_tvb.c
@@ -1106,6 +1106,7 @@ WSLUA_METHOD TvbRange_string(lua_State* L) {
 static int TvbRange_ustring_any(lua_State* L, gboolean little_endian) {
        /* Obtain a UTF-16 encoded string from a TvbRange */
     TvbRange tvbr = checkTvbRange(L,1);
+    gchar * str;
 
     if ( !(tvbr && tvbr->tvb)) return 0;
     if (tvbr->tvb->expired) {
@@ -1113,7 +1114,8 @@ static int TvbRange_ustring_any(lua_State* L, gboolean little_endian) {
         return 0;
     }
 
-    lua_pushlstring(L, (gchar*)tvb_get_ephemeral_unicode_string(tvbr->tvb->ws_tvb,tvbr->offset,tvbr->len,(little_endian ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)), tvbr->len );
+    str = (gchar*)tvb_get_ephemeral_unicode_string(tvbr->tvb->ws_tvb,tvbr->offset,tvbr->len,(little_endian ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN));
+    lua_pushlstring(L, str, strlen(str));
 
     return 1; /* The string */
 }
Unnamed repository; edit this file to name it for gitweb.