It appears that all the fdata() calls use fmt strings supplied at
compile time, so this patch makes the same assumptions; the only
change is that it uses the right functions for the job.
Index: usr.sbin/tcpdump/smbutil.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/smbutil.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 smbutil.c
--- usr.sbin/tcpdump/smbutil.c 25 Oct 2015 18:25:41 -0000 1.10
+++ usr.sbin/tcpdump/smbutil.c 13 Apr 2021 00:03:54 -0000
@@ -549,10 +549,9 @@ const uchar *fdata(const uchar *buf, con
case '[':
fmt++;
if (buf>=maxbuf) return(buf);
- memset(s, 0, sizeof(s));
- p = strchr(fmt,']');
- strncpy(s,fmt,p-fmt); /* XXX? */
- fmt = p+1;
+ p = memccpy(s, fmt, ']', sizeof(s);
+ fmt += p-s;
+ *--p = '\0';
buf = fdata1(buf,s,maxbuf);
if (buf == NULL)
return(NULL);
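Review bot: The added `p = memccpy(s, fmt, ']', sizeof(s);` is missing a closing parenthesis and will not compile as posted; it should read `p = memccpy(s, fmt, ']', sizeof(s));`. memccpy() also returns NULL when no `]` occurs within the first sizeof(s) bytes, and the next two lines then compute `p-s` and store through `--p` on that null pointer, so a guard such as `if (p == NULL) return(NULL);` belongs before `fmt += p-s;`. Unlike the string functions it replaces, memccpy() does not stop at the NUL terminator, so a format with an unclosed `[` near its end would be read past the end of the string; the description's assumption that every fmt is a well-formed compile-time literal deserves a comment at this spot. The enclosing switch in fdata() starts and ends outside the hunk.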