SMB2: add reasonable upper limit to pattern_v1 repetition

MAX_UNCOMPRESSED_SIZE is currently 16MiB. Fix Coverity report CID 1467509: Insecure data handling (TAINTED_SCALAR) Using tainted variable "times" as a loop boundary.
2020-09-29 10:56:03 +02:00 · 2020-09-29 10:56:03 +02:00 · 7514e50d16
parent 3502d53ffb
commit 7514e50d16
1 changed files with 1 additions and 1 deletions
--- a/epan/dissectors/packet-smb2.c
+++ b/epan/dissectors/packet-smb2.c
@ -10221,7 +10221,7 @@ dissect_smb2_compression_pattern_v1(proto_tree *tree,

 	proto_item_append_text(pat_item, " 0x%02x repeated %u times", pattern, times);

-	if (out) {
+	if (out && times < MAX_UNCOMPRESSED_SIZE) {
 		guint8 v = (guint8)pattern;

 		for (guint i = 0; i < times; i++)