From aba533c4f72b274c2df18d51c62d80afad2d9678 Mon Sep 17 00:00:00 2001
From: Martin Kaiser <wireshark@kaiser.cx>
Date: Sun, 29 May 2016 18:08:05 +0200
Subject: [PATCH] mgcp: don't throw an exception while checking if it is our
 packet

Change-Id: I224a596926e555fd575995b7e19b7aadbb2d8b49
Reviewed-on: https://code.wireshark.org/review/15630
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 epan/dissectors/packet-mgcp.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/epan/dissectors/packet-mgcp.c b/epan/dissectors/packet-mgcp.c
index a582d59c66..806383d25f 100644
--- a/epan/dissectors/packet-mgcp.c
+++ b/epan/dissectors/packet-mgcp.c
@@ -697,6 +697,14 @@ static gboolean is_mgcp_verb(tvbuff_t *tvb, gint offset, gint maxlength, const g
 	gboolean returnvalue = FALSE;
 	gchar word[5];
 
+	/* This function is used for checking if a packet is actually an
+	   mgcp packet. Make sure that we do not throw an exception
+	   during such a check. If we did throw an exeption, we could
+	   not refuse the packet and give other dissectors the chance to
+	   look at it. */
+	if (tvb_captured_length_remaining(tvb, offset) < (gint)sizeof(word))
+		return FALSE;
+
 	/* Read the string into 'word' and see if it looks like the start of a verb */
 	if ((maxlength >= 4) && tvb_get_nstringz0(tvb, offset, sizeof(word), word))
 	{
@@ -749,6 +757,10 @@ static gboolean is_mgcp_rspcode(tvbuff_t *tvb, gint offset, gint maxlength)
 	gboolean returnvalue = FALSE;
 	guint8 word[4];
 
+	/* see the comment in is_mgcp_verb() */
+	if (tvb_captured_length_remaining(tvb, offset) < (gint)sizeof(word))
+		return FALSE;
+
 	/* Do 1st 3 characters look like digits? */
 	if (maxlength >= 3)
 	{