From 08e48b040fb347bcf19443c89c4f103fa8b73837 Mon Sep 17 00:00:00 2001
From: Gilbert Ramirez <gram@alumni.rice.edu>
Date: Thu, 25 Oct 2001 21:00:34 +0000
Subject: Guard against 'size' being too small; the value comes from the
 packet, so it can be corrupt.

svn path=/trunk/; revision=4079
---
 packet-gnutella.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

(limited to 'packet-gnutella.c')

diff --git a/packet-gnutella.c b/packet-gnutella.c
index 7557563be2..fff23a27c5 100644
--- a/packet-gnutella.c
+++ b/packet-gnutella.c
@@ -2,7 +2,7 @@
  * Routines for gnutella dissection
  * Copyright 2001, B. Johannessen <bob@havoq.com>
  *
- * $Id: packet-gnutella.c,v 1.3 2001/08/18 07:59:33 guy Exp $
+ * $Id: packet-gnutella.c,v 1.4 2001/10/25 21:00:34 gram Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -178,12 +178,21 @@ static void dissect_gnutella_query(tvbuff_t *tvb, int offset, proto_tree *tree,
 		GNUTELLA_SHORT_LENGTH,
 		min_speed);
 
-	proto_tree_add_item(tree,
-		hf_gnutella_query_search,
-		tvb,
-		offset + GNUTELLA_QUERY_SEARCH_OFFSET,
-		size - GNUTELLA_SHORT_LENGTH,
-		FALSE);
+    if (size > GNUTELLA_SHORT_LENGTH) {
+        proto_tree_add_item(tree,
+            hf_gnutella_query_search,
+            tvb,
+            offset + GNUTELLA_QUERY_SEARCH_OFFSET,
+            size - GNUTELLA_SHORT_LENGTH,
+            FALSE);
+    }
+    else {
+        proto_tree_add_text(tree,
+            tvb,
+            offset + GNUTELLA_QUERY_SEARCH_OFFSET,
+            0,
+            "Missing data for Query Search.");
+    }
 }
 
 static void dissect_gnutella_queryhit(tvbuff_t *tvb, int offset, proto_tree *tree, int size) {
-- 
cgit v1.2.3