forked from osmocom/wireshark
SPOOLSS: Try to avoid an infinite loop.
Use tvb_reported_length_remaining in dissect_spoolss_uint16uni. Make sure our offset always increments in dissect_spoolss_keybuffer. Change-Id: I7017c9685bb2fa27161d80a03b8fca4ef630e793 Reviewed-on: https://code.wireshark.org/review/14687 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
parent
782191f766
commit
b4d16b4495
|
@ -1090,7 +1090,7 @@ dissect_spoolss_uint16uni(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
|
|||
|
||||
/* Get remaining data in buffer as a string */
|
||||
|
||||
remaining = tvb_captured_length_remaining(tvb, offset);
|
||||
remaining = tvb_reported_length_remaining(tvb, offset);
|
||||
if (remaining <= 0) {
|
||||
if (data)
|
||||
*data = g_strdup("");
|
||||
|
@ -6198,9 +6198,10 @@ dissect_spoolss_keybuffer(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|||
end_offset = tvb_reported_length_remaining(tvb, offset) + 1;
|
||||
}
|
||||
|
||||
while (offset < end_offset)
|
||||
while (offset > 0 && offset < end_offset) {
|
||||
offset = dissect_spoolss_uint16uni(
|
||||
tvb, offset, pinfo, tree, drep, NULL, hf_keybuffer);
|
||||
}
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue