Index: packet-ncp2222.inc =================================================================== RCS file: /cvsroot/ethereal/packet-ncp2222.inc,v retrieving revision 1.42 diff -u -r1.42 packet-ncp2222.inc --- packet-ncp2222.inc 2002/10/16 23:24:21 1.42 +++ packet-ncp2222.inc 2002/10/18 15:33:35 @@ -885,7 +885,7 @@ } nw_time_t; typedef struct { - char * buffer; + char buffer[1024]; } nw_uni_t; #define VTYPE_NONE 0 /* no value */ @@ -1061,7 +1061,7 @@ nw_uni_t nw_uni; guint offset; - nw_uni.buffer = "\0"; + strcat(nw_uni.buffer, "\0"); offset = ptvcursor_current_offset(ptvc); item = ptvcursor_add(ptvc, *rec->hf_ptr, @@ -1359,29 +1359,17 @@ return 0; } -/* - * XXX - this routine assumes that "dest_buf" points to a buffer large - * enough for the string we'll be generating; unfortunately, it usually - * points to a null constant string, which is unlikely to be large - * enough for any characters whatsoever (so that this routine will - * overwrite some arbitrary stuff in memory), and may even be in - * a read-only portion of the address space (so that this routine - * will crash). - * - * We "#if 0" it out for now, to eliminate crashes. - */ static void get_string(tvbuff_t* tvb, guint offset, guint str_length, char *dest_buf) { -#if 0 guint32 i; guint16 c_char; guint32 length_remaining = 0; length_remaining = tvb_length_remaining(tvb, offset); - if(str_length > length_remaining) + if(str_length > length_remaining || str_length > 1024) { - strcpy(dest_buf, "String too long to process"); + strcpy(dest_buf, "String to long to process"); return; } for ( i = 0; i < str_length; i++ ) @@ -1415,7 +1403,6 @@ } dest_buf[i] = '\0'; return; -#endif } /************************************* @@ -1736,10 +1723,6 @@ proto_tree_add_item(nvtree, hf_nds_node, tvb, voffset+4, 6, FALSE); proto_tree_add_item(nvtree, hf_nds_socket, tvb, voffset+10, 2, FALSE); break; - /*proto_tree_add_item(nvtree, hf_nds_port, tvb, voffset, 2, FALSE); - value4 = tvb_get_letohl(tvb, voffset+2); - proto_tree_add_ipv4(nvtree, hf_add_ref_ip, tvb, voffset+2, 4, value4); - break;*/ case 0x00000008: proto_tree_add_item(nvtree, hf_nds_port, tvb, voffset, 2, FALSE); value4 = tvb_get_letohl(tvb, voffset+2); @@ -2023,7 +2006,7 @@ proto_item *aitem; char * vstring=""; - mval_buf.buffer = ""; + strcat(mval_buf.buffer, "\0"); switch (vtype) { @@ -2459,7 +2442,7 @@ proto_tree *sub2tree; proto_item *sub2item; - mval_buf.buffer = ""; + strcat(mval_buf.buffer, "\0"); if(values->mvtype != MVTYPE_LIST_PARTITIONS) { nitem = proto_tree_add_uint_format(ncp_tree, values->hfname, tvb, values->voffset+ioffset, @@ -4260,8 +4243,9 @@ char *global_object_name='\0'; int i; - reply_buffer.buffer = "\0"; - if (!pinfo->fd->flags.visited) { + strcat(reply_buffer.buffer, "\0"); + + if (!pinfo->fd->flags.visited) { /* Find the conversation whence the request would have come. */ conversation = find_conversation(&pinfo->src, &pinfo->dst, PT_NCP, nw_connection, nw_connection, 0); @@ -5413,11 +5397,12 @@ guint32 global_flags=0; int i; - for (i = 0; i < 9; i++) { + for (i = 0; i < 9; i++) { pvalues[i].vtype = 0; pvalues[i].mvtype = 0; } - req_buffer.buffer = "\0"; + + strcat(req_buffer.buffer, "\0"); func = tvb_get_guint8(tvb, 6); subfunc = tvb_get_guint8(tvb, 7);