aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGerald Combs <gerald@wireshark.org>2016-03-28 15:46:33 -0700
committerMichael Mann <mmann78@netscape.net>2016-03-30 18:17:07 +0000
commitb4d16b4495b732888e12baf5b8a7e9bf2665e22b (patch)
tree23282022f0364bc110dd768fbbfe04ace0734a4e
parent782191f7662c2cd2849524ba279aad0aafcba4de (diff)
SPOOLSS: Try to avoid an infinite loop.
Use tvb_reported_length_remaining in dissect_spoolss_uint16uni. Make sure our offset always increments in dissect_spoolss_keybuffer. Change-Id: I7017c9685bb2fa27161d80a03b8fca4ef630e793 Reviewed-on: https://code.wireshark.org/review/14687 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
-rw-r--r--epan/dissectors/packet-dcerpc-spoolss.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/epan/dissectors/packet-dcerpc-spoolss.c b/epan/dissectors/packet-dcerpc-spoolss.c
index 8774e3416a..22eef3c5ad 100644
--- a/epan/dissectors/packet-dcerpc-spoolss.c
+++ b/epan/dissectors/packet-dcerpc-spoolss.c
@@ -1090,7 +1090,7 @@ dissect_spoolss_uint16uni(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
/* Get remaining data in buffer as a string */
- remaining = tvb_captured_length_remaining(tvb, offset);
+ remaining = tvb_reported_length_remaining(tvb, offset);
if (remaining <= 0) {
if (data)
*data = g_strdup("");
@@ -6198,9 +6198,10 @@ dissect_spoolss_keybuffer(tvbuff_t *tvb, int offset, packet_info *pinfo,
end_offset = tvb_reported_length_remaining(tvb, offset) + 1;
}
- while (offset < end_offset)
+ while (offset > 0 && offset < end_offset) {
offset = dissect_spoolss_uint16uni(
tvb, offset, pinfo, tree, drep, NULL, hf_keybuffer);
+ }
return offset;
}