don't go into an (almost) endless loop, if si->info_count is -1, which is the default value. Seems to be a general bug worth to thought about, but I don't know the SMB internals and this bugfix should work anyway.

Found this by a privately fuzzed capture file (sorry, can't give it away) svn path=/trunk/; revision=14501
author: Ulf Lamping <ulf.lamping@web.de> 2005-05-30 21:10:21 +0000
committer: Ulf Lamping <ulf.lamping@web.de> 2005-05-30 21:10:21 +0000
commit: e8c5cd2342fa8bc5650281a642b37017c9962a5c (patch)
tree: cfe9684753bdc852cfb86758ecc1f6be44b16205 /epan/dissectors/packet-smb.c
parent: e25b530eb5aec334832e276fe52e5c21107d1c4f (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c
index 27c81c9ca2..b9cef795f8 100644
--- a/epan/dissectors/packet-smb.c
+++ b/epan/dissectors/packet-smb.c
@@ -13044,6 +13044,9 @@ dissect_transaction2_response_data(tvbuff_t *tvb, packet_info *pinfo,
 		/* returned data */
 		count = si->info_count;
 
+        if(count == -1) {
+            break;
+        }
 		if (count && check_col(pinfo->cinfo, COL_INFO)) {
 			col_append_fstr(pinfo->cinfo, COL_INFO,
 			", Files:");
@@ -13060,6 +13063,9 @@ dissect_transaction2_response_data(tvbuff_t *tvb, packet_info *pinfo,
 		/* returned data */
 		count = si->info_count;
 
+        if(count == -1) {
+            break;
+        }
 		if (count && check_col(pinfo->cinfo, COL_INFO)) {
 			col_append_fstr(pinfo->cinfo, COL_INFO,
 			", Files:");
author	Ulf Lamping <ulf.lamping@web.de>	2005-05-30 21:10:21 +0000
committer	Ulf Lamping <ulf.lamping@web.de>	2005-05-30 21:10:21 +0000
commit	e8c5cd2342fa8bc5650281a642b37017c9962a5c (patch)
tree	cfe9684753bdc852cfb86758ecc1f6be44b16205 /epan/dissectors/packet-smb.c
parent	e25b530eb5aec334832e276fe52e5c21107d1c4f (diff)