From b59dc97dfef3bcce71cd393f4d2493e7ba1a8f82 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Wed, 29 Nov 2017 14:46:10 -0800
Subject: NetBIOS: Don't write past the beginning of a buffer.

Make sure process_netbios_name doesn't write past the beginning of its
buffer.

Bug: 14249
Change-Id: Idb294ba2362e48b879bc4c0c0ddaf64fcf1b5d72
Reviewed-on: https://code.wireshark.org/review/24651
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
---
 epan/dissectors/packet-netbios.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'epan/dissectors/packet-netbios.c')

diff --git a/epan/dissectors/packet-netbios.c b/epan/dissectors/packet-netbios.c
index 9815879365..1ed1cf132b 100644
--- a/epan/dissectors/packet-netbios.c
+++ b/epan/dissectors/packet-netbios.c
@@ -298,6 +298,7 @@ process_netbios_name(const guchar *name_ptr, char *name_ret, int name_ret_len)
 	int    i;
 	int    name_type = *(name_ptr + NETBIOS_NAME_LEN - 1);
 	guchar name_char;
+	char  *name_ret_orig = name_ret;
 	static const char hex_digits[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
 
 	for (i = 0; i < NETBIOS_NAME_LEN - 1; i++) {
@@ -324,7 +325,7 @@ process_netbios_name(const guchar *name_ptr, char *name_ret, int name_ret_len)
 
 	name_ret--;
 
-	for (i = 0; i < NETBIOS_NAME_LEN - 1; i++) {
+	while (name_ret >= name_ret_orig) {
 		if (*name_ret != ' ') {
 			*(name_ret + 1) = 0;
 			break;
-- 
cgit v1.2.3