"off by 1" bug in 
   packet-smb-common.c:  dissect_ms_compressed_string_internal()
was causing a 1-character buffer overflow, thus causing the canary to sing!

Fixes bug #1241


svn path=/trunk/; revision=19983
Bill Meier 2006-11-26 00:23:50 +00:00
parent 692f21a184
commit 6a9d8055ed
1 changed files with 6 additions and 7 deletions


@ -133,10 +133,11 @@ static int dissect_ms_compressed_string_internal(tvbuff_t *tvb, int offset, char
offset+=1;
*str=0;
/* XXX: Reserve 4 chars for "...\0" */
while(len){
/* add potential field separation dot */
if(prepend_dot){
if(!maxlen){
if(maxlen<=4){
*str=0;
return offset;
}
@ -161,12 +162,10 @@ static int dissect_ms_compressed_string_internal(tvbuff_t *tvb, int offset, char
prepend_dot=TRUE;
if(maxlen<=len){
if(maxlen>3){
*str++='.';
*str++='.';
*str++='.';
}
if(len>(maxlen-4)){
*str++='.';
*str++='.';
*str++='.';
*str=0;
return offset; /* will mess up offset in caller, is unlikely */
}
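Review bot: The new guard `if(len>(maxlen-4))` at the top of the second hunk relies on at least 4 bytes of room being left in `str` for the "...\0" marker, but on the first pass through the loop (prepend_dot is still FALSE) the `if(maxlen<=4)` check added in the first hunk is never reached, so a caller passing maxlen < 4 would still get a 4-byte write past the end of the buffer; whether any caller actually passes such a small maxlen is not visible here. A check at function entry, before the unconditional `*str=0;` at the start of the first hunk, would close that path, e.g. `if(maxlen<4){ if(maxlen>0) *str=0; return offset; }`. The reserved-space comment added in the first hunk could also state the precondition explicitly: `/* XXX: Reserve 4 chars for "...\0"; caller must pass maxlen >= 4 */`. The function's signature and the rest of its body lie outside both hunks.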