Don't write a '\0' way the heck past the end of an array. Fixes bug 164.

Add a comment asking if we shouldn't use oid_to_str() instead of our own routine. svn path=/trunk/; revision=14344
author: Gerald Combs <gerald@wireshark.org> 2005-05-10 23:45:39 +0000
committer: Gerald Combs <gerald@wireshark.org> 2005-05-10 23:45:39 +0000
commit: e3e4f52245627029b832875a5bbf438350484678 (patch)
tree: 9ac47ccb5cf84e87bc625d62eb26455e163151a4
parent: 5535853bf20fd38df9bcba7d5327f18c088df280 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/plugins/agentx/packet-agentx.c b/plugins/agentx/packet-agentx.c
index 54091e3127..863d2fa93f 100644
--- a/plugins/agentx/packet-agentx.c
+++ b/plugins/agentx/packet-agentx.c
@@ -303,6 +303,7 @@ static const value_string resp_errors[] = {
 		tvb_get_ntohs(tvb, offset) : \
 		tvb_get_letohs(tvb, offset)
 
+/* XXX - Is there a particular reason we're not using oid_to_str() here? */
 static int dissect_octet_string(tvbuff_t *tvb, proto_tree *tree, int offset, char flags)
 {
 	guint32 n_oct, p_noct;
@@ -311,6 +312,8 @@ static int dissect_octet_string(tvbuff_t *tvb, proto_tree *tree, int offset, cha
 	NORLEL(flags, n_oct, tvb, offset);
 	
 	p_noct = PADDING(n_oct);
+	if (n_oct >= 1024)
+		THROW(ReportedBoundsError);
 	tvb_get_nstringz(tvb, offset + 4, n_oct, context);
 	context[n_oct]='\0';
author	Gerald Combs <gerald@wireshark.org>	2005-05-10 23:45:39 +0000
committer	Gerald Combs <gerald@wireshark.org>	2005-05-10 23:45:39 +0000
commit	e3e4f52245627029b832875a5bbf438350484678 (patch)
tree	9ac47ccb5cf84e87bc625d62eb26455e163151a4
parent	5535853bf20fd38df9bcba7d5327f18c088df280 (diff)