osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

SPOOLSS: Try to avoid an infinite loop. 

Use tvb_reported_length_remaining in dissect_spoolss_uint16uni. Make
sure our offset always increments in dissect_spoolss_keybuffer.

Change-Id: I7017c9685bb2fa27161d80a03b8fca4ef630e793
Reviewed-on: https://code.wireshark.org/review/14687
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
Gerald Combs 2016-03-28 15:46:33 -07:00 committed by Michael Mann
parent 782191f766
commit b4d16b4495
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
epan/dissectors/packet-dcerpc-spoolss.c
View File

@ -1090,7 +1090,7 @@ dissect_spoolss_uint16uni(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
/* Get remaining data in buffer as a string */
remaining = tvb_captured_length_remaining(tvb, offset);
remaining = tvb_reported_length_remaining(tvb, offset);
if (remaining <= 0) {
if (data)
*data = g_strdup("");
@ -6198,9 +6198,10 @@ dissect_spoolss_keybuffer(tvbuff_t *tvb, int offset, packet_info *pinfo,
end_offset = tvb_reported_length_remaining(tvb, offset) + 1;
}
while (offset < end_offset)
while (offset > 0 && offset < end_offset) {
offset = dissect_spoolss_uint16uni(
tvb, offset, pinfo, tree, drep, NULL, hf_keybuffer);
}
return offset;
}