In "get_unicode_or_ascii_string()", treat a negative length argument as

a very large unsigned integer (which it probably is), and trim it at
INT_MAX, and fix the handling of too-long ASCII strings so that the
"..." gets inserted.  Make sure that all the bytes of the string exist
before truncating the string length to the buffer length, so that the
appropriate exception is thrown.

svn path=/trunk/; revision=10548
Guy Harris 2004-04-03 03:50:44 +00:00
parent 929c732949
commit 22d9288594
1 changed files with 22 additions and 6 deletions


@ -2,7 +2,7 @@
* Common routines for smb packet dissection
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
*
* $Id: packet-smb-common.c,v 1.19 2004/01/05 19:31:44 ulfl Exp $
* $Id: packet-smb-common.c,v 1.20 2004/04/03 03:50:44 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -141,7 +141,7 @@ unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen,
guint16 uchar;
int len;
int us_len;
int overflow = 0;
gboolean overflow = FALSE;
if (cur == &str[0][0]) {
cur = &str[1][0];
@ -174,7 +174,7 @@ unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen,
*p++ = '?'; /* not 8859-1 */
len--;
} else
overflow = 1;
overflow = TRUE;
offset += 2;
bc -= 2;
us_len += 2;
@ -209,7 +209,8 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
static gchar *cur;
const gchar *string;
int string_len;
unsigned int copylen;
int copylen;
gboolean overflow = FALSE;
if (*bcp == 0) {
/* Not enough data in buffer */
@ -232,6 +233,12 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
}
if(exactlen){
string_len = *len;
if (string_len < 0) {
/* This probably means it's a very large unsigned number; just set
it to the largest signed number, so that we throw the appropriate
exception. */
string_len = INT_MAX;
}
}
string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp);
} else {
@ -247,11 +254,20 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
cur = &str[0][0];
}
copylen = *len;
if (copylen > MAX_UNICODE_STR_LEN)
if (copylen < 0) {
/* This probably means it's a very large unsigned number; just set
it to the largest signed number, so that we throw the appropriate
exception. */
copylen = INT_MAX;
}
tvb_ensure_bytes_exist(tvb, *offsetp, copylen);
if (copylen > MAX_UNICODE_STR_LEN) {
copylen = MAX_UNICODE_STR_LEN;
overflow = TRUE;
}
tvb_memcpy(tvb, (guint8 *)cur, *offsetp, copylen);
cur[copylen] = '\0';
if (copylen > MAX_UNICODE_STR_LEN)
if (overflow)
strcat(cur, "...");
string_len = *len;
string = cur;
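Review bot: The truncated ASCII path still writes past `copylen` with no bound visible in the hunk: `cur[copylen] = '\0'` followed by `strcat(cur, "...")` stores four bytes at `cur[MAX_UNICODE_STR_LEN]` through `cur[MAX_UNICODE_STR_LEN + 3]`, and nothing here shows how wide each row of the static `str` array is. If the rows are not at least `MAX_UNICODE_STR_LEN + 4` bytes this is a static-buffer overrun reachable from any packet whose length field exceeds the limit, so the requirement should be stated where it is relied on, e.g. `/* each str row must hold MAX_UNICODE_STR_LEN + strlen("...") + 1 bytes: the copy, the marker and the terminator */` above the `tvb_memcpy`; presumably the array is already declared that wide, but that needs confirming against its definition. The same negative-length clamp with the same three-line comment appears in the hunk at `@ -232,6 +233,12` for the Unicode path, so a small `static` helper (constructed name: `clamp_len_to_int_max()`) would keep the two in step. The enclosing `get_unicode_or_ascii_string()` continues past the end of the hunk.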