Fix read-past-end-of-buffer in CUPS dissector

Even when the protocol specifies that a string ends in a null-terminator, there
are packets which won't. Therefore:

**the result of tvb_get_ptr SHALL NOT be treated as a null-terminated string**

We need to post that in big neon lettering somewhere obvious.

Bug: 10353
Change-Id: Ie30cd13353a9830311e573e734dd89dc07622c98
Reviewed-on: https://code.wireshark.org/review/3485
Reviewed-by: Evan Huus <eapache@gmail.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/epan/dissectors/packet-cups.c b/epan/dissectors/packet-cups.c
index 190541e3e3..7f7f4b9607 100644
--- a/epan/dissectors/packet-cups.c
+++ b/epan/dissectors/packet-cups.c
@@ -279,7 +279,7 @@ get_quoted_string(tvbuff_t *tvb, gint offset, gint *next_offset, guint *len)
         if (o != -1) {
             offset++;
             l = o - offset;
-            s = tvb_get_ptr(tvb, offset, l);
+            s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, l, ENC_ASCII);
             offset = o + 1;
         }
     }
@@ -300,7 +300,7 @@ get_unquoted_string(tvbuff_t *tvb, gint offset, gint *next_offset, guint *len)
     o = tvb_pbrk_guint8(tvb, offset, -1, " \t\r\n", NULL);
     if (o != -1) {
         l = o - offset;
-        s = tvb_get_ptr(tvb, offset, l);
+        s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, l, ENC_ASCII);
         offset = o;
     }