From 335d6ca7e29587103720a22f32dbd13b6b30c807 Mon Sep 17 00:00:00 2001
From: Balint Reczey <balint@balintreczey.hu>
Date: Thu, 24 Jan 2013 09:34:54 +0000
Subject: [PATCH] Prevent copying longer than expected NTLM SSP key

svn path=/trunk/; revision=47248
---
 epan/dissectors/packet-ntlmssp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c
index cdfb765b63..2b37091fb4 100644
--- a/epan/dissectors/packet-ntlmssp.c
+++ b/epan/dissectors/packet-ntlmssp.c
@@ -2291,7 +2291,7 @@ decrypt_verifier(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
 
       /* Setup the buffer to decrypt to */
       tvb_memcpy(tvb, packet_ntlmssp_info->verifier,
-                 offset, encrypted_block_length);
+                 offset, MIN(encrypted_block_length, sizeof(packet_ntlmssp_info->verifier)));
 
       /*if (!(NTLMSSP_NEGOTIATE_KEY_EXCH & packet_ntlmssp_info->flags)) {*/
       if (conv_ntlmssp_info->flags & NTLMSSP_NEGOTIATE_EXTENDED_SECURITY) {