Created attachment 13509
patch file(s) for above bug report...
Build Information:
N/A
--
Hello All,
In doing some code review of Wireshark 1.12.4, I found some calls to
library functions lacking a sanity check, which could cause some
potential issues to arise when Wireshark is in use.
In directory 'wireshark-1.12.4/echld', file 'common.c' I found
a call to fcntl() missing a test for a return value < 0,
indicating failure. The patch file below corrects this issue:
--- common.c.orig 2015-03-12 10:47:50.319275638 -0700
+++ common.c 2015-03-12 10:49:38.104974646 -0700
@@ -187,7 +187,10 @@
void echld_reset_reader(echld_reader_t* r, int fd, size_t initial) {
r->fd = fd;
- fcntl(fd, F_SETFL, O_NONBLOCK);
+ if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
+ fprintf(stderr, "Unable to set non blocking on file...\n");
+ return;
+ }
if (r->data == NULL) {
r->actual_len = initial;
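Review bot: the early `return` added after the fcntl() check leaves the reader half-initialised, because it runs after `r->fd = fd` but before the `r->data == NULL` setup that follows. Since echld_reset_reader() returns void, the caller has no way to learn that the reset did not complete. Either log and continue with the rest of the initialisation, or change the signature so the failure can be reported. The message would also be easier to act on if it included the fd and strerror(errno). Separately, the F_SETFL call passes only O_NONBLOCK, which replaces the descriptor's other status flags; reading them with F_GETFL and OR-ing in O_NONBLOCK would preserve them.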
In directory 'wireshark-1.12.4/asn1/kerberos', file
'packet-kerberos-template.c'
I found a call to 'fseek()' without a check for a return value < 0,
indicating failure. The patch file below corrects this issue:
--- packet-kerberos-template.c.orig 2015-03-12 10:37:33.665902165 -0700
+++ packet-kerberos-template.c 2015-03-12 10:40:17.812764387 -0700
@@ -662,7 +662,10 @@
sk->contents = g_memdup(buf + 2, DES3_KEY_SIZE);
g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service
key file, key #%d, offset %ld", count, ftell(skf));
service_key_list = g_slist_append(service_key_list,
(gpointer) sk);
- fseek(skf, newline_skip, SEEK_CUR);
+ if (fseek(skf, newline_skip, SEEK_CUR) == -1) {
+ fprintf(stderr, "Unable to seek on skf...\n");
+ return;
+ }
count++;
g_warning("added key: %s", sk->origin);
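Review bot: the fseek() test here is `== -1` while the same change in packet-kerberos.c uses `< 0`; the two hunks patch identical code and should use the same comparison and the same message. The `return` also fires after the key has already been appended to service_key_list, so it skips `count++` and whatever cleanup of `skf` the function performs after this block; check that the file is closed on this path, or break out to the existing cleanup instead of returning. The surrounding code logs with g_warning(), so the error should go through g_warning() rather than fprintf(stderr, ...).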
In directory 'wireshark-1.12.4/epan/dissectors', file 'packet-kerberos.c',
I found a call to 'fseek()' without a check for a return value of < 0,
indicating failure. The patch file below corrects this issue:
--- packet-kerberos.c.orig 2015-03-12 10:42:44.788444240 -0700
+++ packet-kerberos.c 2015-03-12 10:44:23.541995309 -0700
@@ -913,7 +913,10 @@
sk->contents = g_memdup(buf + 2, DES3_KEY_SIZE);
g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service
key file, key #%d, offset %ld", count, ftell(skf));
service_key_list = g_slist_append(service_key_list,
(gpointer) sk);
- fseek(skf, newline_skip, SEEK_CUR);
+ if (fseek(skf, newline_skip, SEEK_CUR) < 0) {
+ fprintf(stderr, "unable to seek...\n");
+ return;
+ }
count++;
g_warning("added key: %s", sk->origin);
}
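Review bot: the error at the new fseek() check is written with fprintf(stderr, ...) although the next lines of the same block use g_warning(); use g_warning() for consistency, and include the offset or strerror(errno), since "unable to seek..." does not say which file or why. As in the template hunk, the bare `return` leaves the function after `skf` has been read from and a key appended to service_key_list, so confirm that `skf` is closed on this path rather than only after normal completion.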
In directory 'wireshark-1.12.4/epan/ftypes', the files below contain
instances of strcpy(), which according to the developer's guide README
should be replaced with calls to g_snprintf():
ftype-pcre.c
ftype-string.c
ftype-time.c
I am attaching the patch files to this bug report.
Bill Parker (wp02855 at gmail dot com)