SMB: Add two missing bounds checks

author: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2019-06-06 14:47:58 +0200
committer: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2019-06-06 15:47:15 +0200
commit: 50f375f9f1444e744d6e4b117940f0a7c9dd8c23 (patch)
tree: 835fe6ac30b9f0624a1def83811409260828f02f /print-smb.c
parent: 46aead6c5265e8ae376d2cf274fb2b5195cd6b57 (diff)
download: tcpdump-50f375f9f1444e744d6e4b117940f0a7c9dd8c23.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/print-smb.c b/print-smb.c
index 39125efa..9254b546 100644
--- a/print-smb.c
+++ b/print-smb.c
@@ -374,15 +374,21 @@ print_trans(netdissect_options *ndo,
     if (bcc > 0) {
 	smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr);
 
-	if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) {
+#define MAILSLOT_BROWSE_STR "\\MAILSLOT\\BROWSE"
+	ND_TCHECK_LEN(data1 + 2, strlen(MAILSLOT_BROWSE_STR) + 1);
+	if (strcmp((const char *)(data1 + 2), MAILSLOT_BROWSE_STR) == 0) {
 	    print_browse(ndo, param, paramlen, data, datalen);
 	    return;
 	}
+#undef MAILSLOT_BROWSE_STR
 
-	if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) {
+#define PIPE_LANMAN_STR "\\PIPE\\LANMAN"
+	ND_TCHECK_LEN(data1 + 2, strlen(PIPE_LANMAN_STR) + 1);
+	if (strcmp((const char *)(data1 + 2), PIPE_LANMAN_STR) == 0) {
 	    print_ipc(ndo, param, paramlen, data, datalen);
 	    return;
 	}
+#undef PIPE_LANMAN_STR
 
 	if (paramlen)
 	    smb_fdata(ndo, param, f3, min(param + paramlen, maxbuf), unicodestr);
author	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2019-06-06 14:47:58 +0200
committer	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2019-06-06 15:47:15 +0200
commit	50f375f9f1444e744d6e4b117940f0a7c9dd8c23 (patch)
tree	835fe6ac30b9f0624a1def83811409260828f02f /print-smb.c
parent	46aead6c5265e8ae376d2cf274fb2b5195cd6b57 (diff)
download	tcpdump-50f375f9f1444e744d6e4b117940f0a7c9dd8c23.tar.gz