From 6b5d8390f2ebca66072b0272e88ea62243db3330 Mon Sep 17 00:00:00 2001
From: Guy Harris
Date: Mon, 4 Jul 2016 13:52:20 -0700
Subject: Check to make sure the name length <= DLM3_RESNAME_MAXLEN. If it's not, we'd misdissect it. Hopefully this fixes the *real* problem that CID 1363031 was complaining about.
Change-Id: If1fc7c30f72d75b9dc047d7e475f78c9d5869943
Reviewed-on: https://code.wireshark.org/review/16292
Reviewed-by: Guy Harris
---
 epan/dissectors/packet-dlm3.c | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/epan/dissectors/packet-dlm3.c b/epan/dissectors/packet-dlm3.c
index bb767d331e..f6e52423a4 100644
--- a/epan/dissectors/packet-dlm3.c
+++ b/epan/dissectors/packet-dlm3.c
@@ -756,21 +756,25 @@ dissect_dlm3_rcom_lock(tvbuff_t *tvb, proto_tree *tree,
 namelen);
 offset += 2;
- sub_item = proto_tree_add_item(tree,
- hf_dlm3_rl_name, tvb, offset,
- DLM3_RESNAME_MAXLEN, ENC_NA);
-
- sub_tree = proto_item_add_subtree(sub_item,
- ett_dlm3_rl_name);
- sub_offset = offset;
- proto_tree_add_item(sub_tree,
- hf_dlm3_rl_name_contents, tvb, sub_offset,
- namelen, ENC_ASCII|ENC_NA);
-
- sub_offset += namelen;
- proto_tree_add_item(sub_tree,
- hf_dlm3_rl_name_padding, tvb, sub_offset,
- DLM3_RESNAME_MAXLEN - namelen, ENC_NA);
+ if (namelen <= DLM3_RESNAME_MAXLEN) {
+ sub_item = proto_tree_add_item(tree,
+ hf_dlm3_rl_name, tvb, offset,
+ DLM3_RESNAME_MAXLEN, ENC_NA);
+
+ sub_tree = proto_item_add_subtree(sub_item,
+ ett_dlm3_rl_name);
+ sub_offset = offset;
+ proto_tree_add_item(sub_tree,
+ hf_dlm3_rl_name_contents, tvb, sub_offset,
+ namelen, ENC_ASCII|ENC_NA);
+
+ sub_offset += namelen;
+ proto_tree_add_item(sub_tree,
+ hf_dlm3_rl_name_padding, tvb, sub_offset,
+ DLM3_RESNAME_MAXLEN - namelen, ENC_NA);
+ } else {
+ /* XXX - report an error */
+ }
 offset += DLM3_RESNAME_MAXLEN;
 if (((length - offset) > 0) && (exflags & DLM3_LKF_VALBLK))
-- cgit v1.2.3
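Review bot: The new `else` branch for `namelen > DLM3_RESNAME_MAXLEN` is only `/* XXX - report an error */`, so a packet with an out-of-range name length now has its name field skipped silently and nothing in the tree marks it as malformed. Since that length comes straight from the wire, an oversized value is exactly what an analyst triaging crafted or corrupt traffic wants flagged. I would attach an expert-info item to the length field there, along the lines of `proto_tree_add_expert(tree, pinfo, &<new expert_field placeholder>, tvb, offset - 2, 2);`. This assumes `pinfo` is available in this function and needs an `expert_field` registered outside the hunk. Adding the raw `hf_dlm3_rl_name` item with length `DLM3_RESNAME_MAXLEN` in the `else` branch as well would keep the bytes visible in the tree. `dissect_dlm3_rcom_lock` starts and ends outside the hunk, so the signature and the type of `namelen` could not be checked here.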