Coverity 512

Check if we ran out of bytes in the tvb and return NULL instead of trying to pass it to the decryption routines. svn path=/trunk/; revision=36241
2011-03-22 09:35:26 +00:00 · 2011-03-22 09:35:26 +00:00 · ff04f85940
parent dddec126f6
commit ff04f85940
1 changed files with 6 additions and 3 deletions
--- a/epan/dissectors/packet-dcerpc-netlogon.c
+++ b/epan/dissectors/packet-dcerpc-netlogon.c
@ -7963,9 +7963,13 @@ dissect_packet_data(tvbuff_t *tvb ,tvbuff_t *auth_tvb _U_,
        else {
            if(vars->can_decrypt == TRUE) {
                rc4_state_struct rc4state;
-                int data_len = tvb_length_remaining(tvb,offset);
+                int data_len;
                guint64 copyconfounder = vars->confounder;

+                data_len = tvb_length_remaining(tvb,offset);
+                if (data_len < 0) {
+                    return NULL;
+                }
                crypt_rc4_init(&rc4state,vars->encryption_key,16);
                crypt_rc4(&rc4state,(guint8*)&copyconfounder,8);
                decrypted = (guint8*)tvb_memdup(tvb, offset,data_len);
@ -7977,8 +7981,7 @@ dissect_packet_data(tvbuff_t *tvb ,tvbuff_t *auth_tvb _U_,
                debugprintf("Session key not found can't decrypt ...\n");
            }
        }
-    }
-    else {
+    } else {
        debugprintf("Vars not found  %d (packet_data)\n",g_hash_table_size(netlogon_auths));
        return(buf);
    }