Skip to content

Commit b4d16b4

Browse files
geraldcombsmmann78
authored andcommitted
SPOOLSS: Try to avoid an infinite loop.
Use tvb_reported_length_remaining in dissect_spoolss_uint16uni. Make sure our offset always increments in dissect_spoolss_keybuffer. Change-Id: I7017c9685bb2fa27161d80a03b8fca4ef630e793 Reviewed-on: https://code.wireshark.org/review/14687 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
1 parent 782191f commit b4d16b4

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

Diff for: epan/dissectors/packet-dcerpc-spoolss.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -1090,7 +1090,7 @@ dissect_spoolss_uint16uni(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
10901090

10911091
/* Get remaining data in buffer as a string */
10921092

1093-
remaining = tvb_captured_length_remaining(tvb, offset);
1093+
remaining = tvb_reported_length_remaining(tvb, offset);
10941094
if (remaining <= 0) {
10951095
if (data)
10961096
*data = g_strdup("");
@@ -6198,9 +6198,10 @@ dissect_spoolss_keybuffer(tvbuff_t *tvb, int offset, packet_info *pinfo,
61986198
end_offset = tvb_reported_length_remaining(tvb, offset) + 1;
61996199
}
62006200

6201-
while (offset < end_offset)
6201+
while (offset > 0 && offset < end_offset) {
62026202
offset = dissect_spoolss_uint16uni(
62036203
tvb, offset, pinfo, tree, drep, NULL, hf_keybuffer);
6204+
}
62046205

62056206
return offset;
62066207
}

0 commit comments

Comments
 (0)