CVE-2017-13045/VQP: add some bounds checks

[tcpdump] / smbutil.c

diff --git a/smbutil.c b/smbutil.c
index 8e5e508723da07a8a69ba9becc32d7fa5acd73df..fc9b3cc6f227a659fd71f3c5e4c1c766a132e9a3 100644 (file)
--- a/smbutil.c
+++ b/smbutil.c
@@ -16,7 +16,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "interface.h"
+#include "netdissect.h"
 #include "extract.h"
 #include "smb.h"
 
@@ -237,6 +237,7 @@ name_len(netdissect_options *ndo,
            return(-1); /* name goes past the end of the buffer */
        ND_TCHECK2(*s, 1);
        s += (*s) + 1;
+       ND_TCHECK2(*s, 1);
     }
     return(PTR_DIFF(s, s0) + 1);
 
@@ -271,8 +272,7 @@ name_type_str(int name_type)
 }
 
 void
-print_data(netdissect_options *ndo,
-           const unsigned char *buf, int len)
+smb_print_data(netdissect_options *ndo, const unsigned char *buf, int len)
 {
     int i = 0;
 
@@ -860,7 +860,7 @@ smb_fdata(netdissect_options *ndo,
     if (!depth && buf < maxbuf) {
        size_t len = PTR_DIFF(maxbuf, buf);
        ND_PRINT((ndo, "Data: (%lu bytes)\n", (unsigned long)len));
-       print_data(ndo, buf, len);
+       smb_print_data(ndo, buf, len);
        return(buf + len);
     }
     return(buf);