CVE-2017-13001/NFS: Don't copy more data than is in the file handle.

Also, put the buffer on the stack; no reason to make it static.  (65
bytes isn't a lot.)

This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).

print-nfs.c

@@ -807,11 +807,15 @@ nfs_printfh(netdissect_options *ndo,
 
 	if (sfsname) {
 		/* file system ID is ASCII, not numeric, for this server OS */
-		static char temp[NFSX_V3FHMAX+1];
+		char temp[NFSX_V3FHMAX+1];
+		u_int stringlen;
 
 		/* Make sure string is null-terminated */
-		strncpy(temp, sfsname, NFSX_V3FHMAX);
-		temp[sizeof(temp) - 1] = '\0';
+		stringlen = len;
+		if (stringlen > NFSX_V3FHMAX)
+			stringlen = NFSX_V3FHMAX;
+		strncpy(temp, sfsname, stringlen);
+		temp[stringlen] = '\0';
 		/* Remove trailing spaces */
 		spacep = strchr(temp, ' ');
 		if (spacep)

tests/TESTLIST

@@ -458,6 +458,7 @@ hoobr_parse_field	hoobr_parse_field.pcap		hoobr_parse_field.out
 hoobr_chdlc_print	hoobr_chdlc_print.pcap		hoobr_chdlc_print.out
 hoobr_lookup_nsap	hoobr_lookup_nsap.pcap		hoobr_lookup_nsap.out
 hoobr_rt6_print		hoobr_rt6_print.pcap		hoobr_rt6_print.out
+hoobr_nfs_printfh	hoobr_nfs_printfh.pcap		hoobr_nfs_printfh.out
 
 # bad packets from Wilfried Kirsch
 slip-bad-direction	slip-bad-direction.pcap		slip-bad-direction.out	-ve

tests/hoobr_nfs_printfh.out

@@ -0,0 +1,104 @@
+30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432: 
+	0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0020:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0030:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0040:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0050:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0060:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0070:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0080:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0090:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00a0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00b0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00c0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00d0:  3030 3030 3030 3030 3030 3030            000000000000
+30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432: 
+	0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0020:  3030 3030 3030 3030                      00000000
+30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432: 
+	0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0020:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0030:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0040:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0050:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0060:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0070:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0080:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0090:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00a0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00b0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00c0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432: 
+	0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0020:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0030:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0040:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0050:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0060:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0070:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0080:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0090:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00a0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00b0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00c0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00d0:  3030 3030 3030 3030 3030 3030            000000000000
+30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432: 
+	0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0020:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0030:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0040:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0050:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0060:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0070:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0080:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0090:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00a0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00b0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00c0:  3030 3030                                0000
+30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432: 
+	0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0020:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0030:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0040:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0050:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0060:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0070:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0080:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0090:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00a0:  3030 3030                                0000
+30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432: 
+	0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0020:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0030:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0040:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0050:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0060:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0070:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0080:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0090:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00a0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00b0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00c0:  3030 3030 3030 3030 3030 3030            000000000000
+30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432: 
+	0x0000:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0010:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0020:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0030:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0040:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0050:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0060:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0070:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0080:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x0090:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00a0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00b0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00c0:  3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
+	0x00d0:  3030 3030 3030 3030 3030 3030            000000000000
+IP 48.48.48.48.12336 > 48.48.48.48.2049: Flags [.U], seq 808464432:808476728, ack 808464432, win 12336, urg 12336, length 12296: NFS request xid 808464432 12292 readlink fh 00000000/808464432