157157#define COSINE_HEADER_LINES_TO_CHECK 200
158158#define COSINE_LINE_LENGTH 240
159159
160- #define COSINE_MAX_PACKET_LEN 65536
161-
162160static gboolean empty_line (const gchar * line );
163161static gint64 cosine_seek_next_packet (wtap * wth , int * err , gchar * * err_info ,
164162 char * hdr );
@@ -167,10 +165,8 @@ static gboolean cosine_read(wtap *wth, int *err, gchar **err_info,
167165 gint64 * data_offset );
168166static gboolean cosine_seek_read (wtap * wth , gint64 seek_off ,
169167 struct wtap_pkthdr * phdr , Buffer * buf , int * err , gchar * * err_info );
170- static int parse_cosine_rec_hdr (struct wtap_pkthdr * phdr , const char * line ,
171- int * err , gchar * * err_info );
172- static gboolean parse_cosine_hex_dump (FILE_T fh , struct wtap_pkthdr * phdr ,
173- int pkt_len , Buffer * buf , int * err , gchar * * err_info );
168+ static int parse_cosine_packet (FILE_T fh , struct wtap_pkthdr * phdr , Buffer * buf ,
169+ char * line , int * err , gchar * * err_info );
174170static int parse_single_hex_dump_line (char * rec , guint8 * buf ,
175171 guint byte_offset );
176172
@@ -287,7 +283,6 @@ static gboolean cosine_read(wtap *wth, int *err, gchar **err_info,
287283 gint64 * data_offset )
288284{
289285 gint64 offset ;
290- int pkt_len ;
291286 char line [COSINE_LINE_LENGTH ];
292287
293288 /* Find the next packet */
@@ -296,22 +291,16 @@ static gboolean cosine_read(wtap *wth, int *err, gchar **err_info,
296291 return FALSE;
297292 * data_offset = offset ;
298293
299- /* Parse the header */
300- pkt_len = parse_cosine_rec_hdr (& wth -> phdr , line , err , err_info );
301- if (pkt_len == -1 )
302- return FALSE;
303-
304- /* Convert the ASCII hex dump to binary data */
305- return parse_cosine_hex_dump (wth -> fh , & wth -> phdr , pkt_len ,
306- wth -> frame_buffer , err , err_info );
294+ /* Parse the header and convert the ASCII hex dump to binary data */
295+ return parse_cosine_packet (wth -> fh , & wth -> phdr , wth -> frame_buffer ,
296+ line , err , err_info );
307297}
308298
309299/* Used to read packets in random-access fashion */
310300static gboolean
311301cosine_seek_read (wtap * wth , gint64 seek_off , struct wtap_pkthdr * phdr ,
312302 Buffer * buf , int * err , gchar * * err_info )
313303{
314- int pkt_len ;
315304 char line [COSINE_LINE_LENGTH ];
316305
317306 if (file_seek (wth -> random_fh , seek_off , SEEK_SET , err ) == -1 )
@@ -325,13 +314,8 @@ cosine_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr,
325314 return FALSE;
326315 }
327316
328- /* Parse the header */
329- pkt_len = parse_cosine_rec_hdr (phdr , line , err , err_info );
330- if (pkt_len == -1 )
331- return FALSE;
332-
333- /* Convert the ASCII hex dump to binary data */
334- return parse_cosine_hex_dump (wth -> random_fh , phdr , pkt_len , buf , err ,
317+ /* Parse the header and convert the ASCII hex dump to binary data */
318+ return parse_cosine_packet (wth -> random_fh , phdr , buf , line , err ,
335319 err_info );
336320}
337321
@@ -340,23 +324,26 @@ cosine_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr,
340324 2002-5-10,20:1:31.4: l2-tx (FR:3/7/1:1), Length:18, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0]
341325 2) output to PE without date and time
342326 l2-tx (FR:3/7/1:1), Length:18, Pro:0, Off:0, Pri:0, RM:0, Err:0 [0x4000, 0x0] */
343- static int
344- parse_cosine_rec_hdr ( struct wtap_pkthdr * phdr , const char * line ,
345- int * err , gchar * * err_info )
327+ static gboolean
328+ parse_cosine_packet ( FILE_T fh , struct wtap_pkthdr * phdr , Buffer * buf ,
329+ char * line , int * err , gchar * * err_info )
346330{
347331 union wtap_pseudo_header * pseudo_header = & phdr -> pseudo_header ;
348332 int num_items_scanned ;
349- int yy , mm , dd , hr , min , sec , csec , pkt_len ;
333+ int yy , mm , dd , hr , min , sec , csec ;
334+ guint pkt_len ;
350335 int pro , off , pri , rm , error ;
351336 guint code1 , code2 ;
352337 char if_name [COSINE_MAX_IF_NAME_LEN ] = "" , direction [6 ] = "" ;
353338 struct tm tm ;
339+ guint8 * pd ;
340+ int i , hex_lines , n , caplen = 0 ;
354341
355342 if (sscanf (line , "%4d-%2d-%2d,%2d:%2d:%2d.%9d:" ,
356343 & yy , & mm , & dd , & hr , & min , & sec , & csec ) == 7 ) {
357344 /* appears to be output to a control blade */
358345 num_items_scanned = sscanf (line ,
359- "%4d-%2d-%2d,%2d:%2d:%2d.%9d: %5s (%127[A-Za-z0-9/:]), Length:%9d , Pro:%9d, Off:%9d, Pri:%9d, RM:%9d, Err:%9d [%8x, %8x]" ,
346+ "%4d-%2d-%2d,%2d:%2d:%2d.%9d: %5s (%127[A-Za-z0-9/:]), Length:%9u , Pro:%9d, Off:%9d, Pri:%9d, RM:%9d, Err:%9d [%8x, %8x]" ,
360347 & yy , & mm , & dd , & hr , & min , & sec , & csec ,
361348 direction , if_name , & pkt_len ,
362349 & pro , & off , & pri , & rm , & error ,
@@ -365,23 +352,33 @@ parse_cosine_rec_hdr(struct wtap_pkthdr *phdr, const char *line,
365352 if (num_items_scanned != 17 ) {
366353 * err = WTAP_ERR_BAD_FILE ;
367354 * err_info = g_strdup ("cosine: purported control blade line doesn't have code values" );
368- return -1 ;
355+ return FALSE ;
369356 }
370357 } else {
371358 /* appears to be output to PE */
372359 num_items_scanned = sscanf (line ,
373- "%5s (%127[A-Za-z0-9/:]), Length:%9d , Pro:%9d, Off:%9d, Pri:%9d, RM:%9d, Err:%9d [%8x, %8x]" ,
360+ "%5s (%127[A-Za-z0-9/:]), Length:%9u , Pro:%9d, Off:%9d, Pri:%9d, RM:%9d, Err:%9d [%8x, %8x]" ,
374361 direction , if_name , & pkt_len ,
375362 & pro , & off , & pri , & rm , & error ,
376363 & code1 , & code2 );
377364
378365 if (num_items_scanned != 10 ) {
379366 * err = WTAP_ERR_BAD_FILE ;
380367 * err_info = g_strdup ("cosine: header line is neither control blade nor PE output" );
381- return -1 ;
368+ return FALSE ;
382369 }
383370 yy = mm = dd = hr = min = sec = csec = 0 ;
384371 }
372+ if (pkt_len > WTAP_MAX_PACKET_SIZE ) {
373+ /*
374+ * Probably a corrupt capture file; don't blow up trying
375+ * to allocate space for an immensely-large packet.
376+ */
377+ * err = WTAP_ERR_BAD_FILE ;
378+ * err_info = g_strdup_printf ("cosine: File has %u-byte packet, bigger than maximum of %u" ,
379+ pkt_len , WTAP_MAX_PACKET_SIZE );
380+ return FALSE;
381+ }
385382
386383 phdr -> rec_type = REC_TYPE_PACKET ;
387384 phdr -> presence_flags = WTAP_HAS_TS |WTAP_HAS_CAP_LEN ;
@@ -430,21 +427,8 @@ parse_cosine_rec_hdr(struct wtap_pkthdr *phdr, const char *line,
430427 pseudo_header -> cosine .rm = rm ;
431428 pseudo_header -> cosine .err = error ;
432429
433- return pkt_len ;
434- }
435-
436- /* Converts ASCII hex dump to binary data. Returns TRUE on success,
437- FALSE if any error is encountered. */
438- static gboolean
439- parse_cosine_hex_dump (FILE_T fh , struct wtap_pkthdr * phdr , int pkt_len ,
440- Buffer * buf , int * err , gchar * * err_info )
441- {
442- guint8 * pd ;
443- gchar line [COSINE_LINE_LENGTH ];
444- int i , hex_lines , n , caplen = 0 ;
445-
446430 /* Make sure we have enough room for the packet */
447- ws_buffer_assure_space (buf , COSINE_MAX_PACKET_LEN );
431+ ws_buffer_assure_space (buf , pkt_len );
448432 pd = ws_buffer_start_ptr (buf );
449433
450434 /* Calculate the number of hex dump lines, each
@@ -473,7 +457,6 @@ parse_cosine_hex_dump(FILE_T fh, struct wtap_pkthdr *phdr, int pkt_len,
473457 return TRUE;
474458}
475459
476-
477460/* Take a string representing one line from a hex dump and converts
478461 * the text to binary data. We place the bytes in the buffer at the
479462 * specified offset.