diff options
author | Peter Wu <peter@lekensteyn.nl> | 2018-10-11 13:04:03 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-10-12 05:09:00 +0000 |
commit | ec6ace066ae4c889d4c18a0a38a8c6053483877b (patch) | |
tree | 437d9e292bd7ebc48af52a8e3aca19fb79f3186e /epan/dissectors/packet-dcom.c | |
parent | f4be16aa45e76d862ff858e8c36e28a206be3143 (diff) |
DCOM: always NUL-terminate dissect_dcom_BSTR results
All of the six users in plugins/epan/profinet/packet-dcom-cba.c expect
the string to be NUL-terminated, so ensure this to avoid reading
uninitialized memory for the Info column.
Bug: 15130
Change-Id: Ibc922068d14b87ce324af3cec22a5f8343088b40
Reviewed-on: https://code.wireshark.org/review/30128
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-dcom.c')
-rw-r--r-- | epan/dissectors/packet-dcom.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/epan/dissectors/packet-dcom.c b/epan/dissectors/packet-dcom.c index d12216a767..79cf6a6009 100644 --- a/epan/dissectors/packet-dcom.c +++ b/epan/dissectors/packet-dcom.c @@ -1725,8 +1725,10 @@ dissect_dcom_BSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo, offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep, &u32ArraySize); - if ((guint32)offset + u32ArraySize*2 > G_MAXINT) + if ((guint32)offset + u32ArraySize*2 > G_MAXINT) { + pszStr[0] = 0; return offset; + } realOffset = offset + u32ArraySize*2; |