diff options
author | Gerald Combs <gerald@wireshark.org> | 2005-05-14 19:13:02 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2005-05-14 19:13:02 +0000 |
commit | 7effa95f95ed51378424b8d1351b8828a608c027 (patch) | |
tree | 2dfa6edbe8d24e20c5fede1a600b9e93e605afad | |
parent | 432a015797d5f1bce41cc189d6528e918249579a (diff) |
Throw an exception if AndXOffset is less than the current offset. Fixes bug
163. I'm not sure if this fix is entirely correct, but it doesn't appear to
have affected any SMB captures here adversely.
svn path=/trunk/; revision=14365
-rw-r--r-- | epan/dissectors/packet-smb.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index 318873367b..af669782d3 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -4848,6 +4848,9 @@ dissect_locking_andx_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree * proto_item_set_len(it, offset-old_offset); } + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -4885,6 +4888,9 @@ dissect_locking_andx_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -5066,6 +5072,9 @@ dissect_open_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -5195,6 +5204,9 @@ dissect_open_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -5315,6 +5327,9 @@ dissect_read_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -5416,6 +5431,9 @@ dissect_read_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -5556,6 +5574,9 @@ dissect_write_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -5629,6 +5650,9 @@ dissect_write_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -5997,6 +6021,9 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -6119,6 +6146,9 @@ dissect_session_setup_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tre END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -6157,6 +6187,9 @@ dissect_empty_andx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offs END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -6305,6 +6338,9 @@ dissect_tree_connect_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -6435,6 +6471,9 @@ dissect_tree_connect_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -8766,6 +8805,9 @@ dissect_nt_create_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); @@ -8855,6 +8897,9 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t END_OF_SMB + if (andxoffset != 0 && andxoffset < offset) + THROW(ReportedBoundsError); + /* call AndXCommand (if there are any) */ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE); |