diff options
| author | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2004-04-03 03:50:44 +0000 |
|---|---|---|
| committer | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2004-04-03 03:50:44 +0000 |
| commit | 94f3944bb2d2386efd63bf6cb083517ccb344ab5 (patch) | |
| tree | 1ca933a015a937978bc5d5fe7ca3bbe4b1a14be4 /packet-smb-common.c | |
| parent | 13dd1135348d9b8f89a18eefd5bd3840f93a7d62 (diff) | |
In "get_unicode_or_ascii_string()", treat a negative length argument as
a very large unsigned integer (which it probably is), and trim it at
INT_MAX, and fix the handling of too-long ASCII strings so that the
"..." gets inserted. Make sure that all the bytes of the string exist
before truncating the string length to the buffer length, so that the
appropriate exception is thrown.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10548 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'packet-smb-common.c')
| -rw-r--r-- | packet-smb-common.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/packet-smb-common.c b/packet-smb-common.c index 3ed2710409..991fbf9961 100644 --- a/packet-smb-common.c +++ b/packet-smb-common.c @@ -2,7 +2,7 @@ * Common routines for smb packet dissection * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com> * - * $Id: packet-smb-common.c,v 1.19 2004/01/05 19:31:44 ulfl Exp $ + * $Id: packet-smb-common.c,v 1.20 2004/04/03 03:50:44 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -141,7 +141,7 @@ unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen, guint16 uchar; int len; int us_len; - int overflow = 0; + gboolean overflow = FALSE; if (cur == &str[0][0]) { cur = &str[1][0]; @@ -174,7 +174,7 @@ unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen, *p++ = '?'; /* not 8859-1 */ len--; } else - overflow = 1; + overflow = TRUE; offset += 2; bc -= 2; us_len += 2; @@ -209,7 +209,8 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp, static gchar *cur; const gchar *string; int string_len; - unsigned int copylen; + int copylen; + gboolean overflow = FALSE; if (*bcp == 0) { /* Not enough data in buffer */ @@ -232,6 +233,12 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp, } if(exactlen){ string_len = *len; + if (string_len < 0) { + /* This probably means it's a very large unsigned number; just set + it to the largest signed number, so that we throw the appropriate + exception. */ + string_len = INT_MAX; + } } string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp); } else { @@ -247,11 +254,20 @@ get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp, cur = &str[0][0]; } copylen = *len; - if (copylen > MAX_UNICODE_STR_LEN) + if (copylen < 0) { + /* This probably means it's a very large unsigned number; just set + it to the largest signed number, so that we throw the appropriate + exception. */ + copylen = INT_MAX; + } + tvb_ensure_bytes_exist(tvb, *offsetp, copylen); + if (copylen > MAX_UNICODE_STR_LEN) { copylen = MAX_UNICODE_STR_LEN; + overflow = TRUE; + } tvb_memcpy(tvb, (guint8 *)cur, *offsetp, copylen); cur[copylen] = '\0'; - if (copylen > MAX_UNICODE_STR_LEN) + if (overflow) strcat(cur, "..."); string_len = *len; string = cur; |