From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001
From: John Thacker
Date: Thu, 18 May 2023 18:06:36 -0400
Subject: [PATCH] MS-MMS: Use format_text_string()

The length of a string transcoded from UTF-16 to UTF-8 can be shorter (or longer) than the original length in bytes in the packet. Use the new string length, not the original length. Use format_text_string, which is a convenience function that calls strlen.
Fix #19086
(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b)
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a]
CVE: CVE-2023-0667
Signed-off-by: Hitendra Prajapati
---
 epan/dissectors/packet-ms-mms.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c
index f4dbcd0..092a64b 100644
--- a/epan/dissectors/packet-ms-mms.c
+++ b/epan/dissectors/packet-ms-mms.c
@@ -740,7 +740,7 @@ static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, pro
 transport_info, "Transport: (%s)", transport_info);
 col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
- format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20));
+ format_text_string(pinfo->pool, (const guchar*)transport_info));
 /* Try to extract details from this string */
@@ -837,7 +837,7 @@ static void dissect_server_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
 ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version);
 col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')",
- format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version)));
+ format_text_string(pinfo->pool, (const guchar*)server_version));
 }
 offset += (server_version_length*2);
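Review bot: The new `format_text_string(pinfo->pool, (const guchar*)transport_info)` call in dissect_client_transport_info has no comment recording why the packet-derived length was dropped, so the invariant behind the CVE-2023-0667 fix is easy to undo in a later cleanup. I would add above the `col_append_fstr` call: `/* transport_info is UTF-8 transcoded from UTF-16, so its length is not length_remaining - 20; let format_text_string() measure it */`. The function body continues outside this hunk, so it is worth checking whether `length_remaining - 20` is used anywhere else there as the length of `transport_info` rather than as a byte extent in the tvb. The diffstat shows a single file changed, so no regression capture or test for the malformed-length case comes with the patch.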
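Review bot: In dissect_server_info the context line just above still passes `wmem_packet_scope()` (the call ending in `wmem_packet_scope(), &server_version);`) while the new line allocates from `pinfo->pool`, so one block now names what I take to be the same packet-lifetime allocator in two different ways. The same mix appears in the dissect_client_player_info and dissect_request_server_file hunks. For consistency, either change the neighbouring allocator argument to `pinfo->pool` too, or keep `wmem_packet_scope()` in the new call until the whole function is converted. Because this is a backport, also confirm that the target branch declares `format_text_string()` with this (allocator, string) signature, otherwise the patch will not build. The hunk cuts through the function at both ends, so the origin of `server_version` is not visible here.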
@@ -891,7 +891,7 @@ static void dissect_client_player_info(tvbuff_t *tvb, packet_info *pinfo, proto_
 ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info);
 col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
- format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info)));
+ format_text_string(pinfo->pool, (const guchar*)player_info));
 }
 /* Dissect info about where client wants to start playing from */
@@ -966,7 +966,7 @@ static void dissect_request_server_file(tvbuff_t *tvb, packet_info *pinfo, proto
 ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file);
 col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
- format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file)));
+ format_text_string(pinfo->pool, (const guchar*)server_file));
 }
 /* Dissect media details from server */
-- 
2.25.1