Do bounds checks on NBNS resource types and resource data lengths.

author: Guy Harris <guy@alum.mit.edu> 2016-10-05 19:43:27 -0700
committer: Francois-Xavier Le Bail <fx.lebail@yahoo.com> 2017-01-18 09:16:40 +0100
commit: ecf6e822e1b8301e892f817756732502ddb2bef5 (patch)
tree: 5868bb1697da01b8b937c83418b4f68bf7425af3 /print-smb.c
parent: df60a6c9564a13cbacf5c5fbd03a6a3c2149dc06 (diff)
download: tcpdump-ecf6e822e1b8301e892f817756732502ddb2bef5.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/print-smb.c b/print-smb.c
index af86cddb..723b9a03 100644
--- a/print-smb.c
+++ b/print-smb.c
@@ -1167,10 +1167,12 @@ nbt_udp137_print(netdissect_options *ndo,
 	    p = smb_fdata(ndo, p, "Name=[n1]\n#", maxbuf, 0);
 	    if (p == NULL)
 		goto out;
+	    ND_TCHECK_16BITS(p);
 	    restype = EXTRACT_16BITS(p);
 	    p = smb_fdata(ndo, p, "ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n", p + 8, 0);
 	    if (p == NULL)
 		goto out;
+	    ND_TCHECK_16BITS(p);
 	    rdlen = EXTRACT_16BITS(p);
 	    ND_PRINT((ndo, "ResourceLength=%d\nResourceData=\n", rdlen));
 	    p += 2;
author	Guy Harris <guy@alum.mit.edu>	2016-10-05 19:43:27 -0700
committer	Francois-Xavier Le Bail <fx.lebail@yahoo.com>	2017-01-18 09:16:40 +0100
commit	ecf6e822e1b8301e892f817756732502ddb2bef5 (patch)
tree	5868bb1697da01b8b937c83418b4f68bf7425af3 /print-smb.c
parent	df60a6c9564a13cbacf5c5fbd03a6a3c2149dc06 (diff)
download	tcpdump-ecf6e822e1b8301e892f817756732502ddb2bef5.tar.gz