X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/97d372ef7040c30c90faca545e697af1af9b1b39..e01c9bf76740802025c9328901b55ee4a0c49ed6:/print-smb.c?ds=sidebyside

diff --git a/print-smb.c b/print-smb.c
index af86cddb..944b8d28 100644
--- a/print-smb.c
+++ b/print-smb.c
@@ -371,16 +371,21 @@ print_trans(netdissect_options *ndo,
     ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
     if (bcc > 0) {
 	smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr);
-
-	if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) {
+#define MAILSLOT_BROWSE_STR "\\MAILSLOT\\BROWSE"
+	ND_TCHECK2(*(data1 + 2), strlen(MAILSLOT_BROWSE_STR) + 1);
+	if (strcmp((const char *)(data1 + 2), MAILSLOT_BROWSE_STR) == 0) {
 	    print_browse(ndo, param, paramlen, data, datalen);
 	    return;
 	}
+#undef MAILSLOT_BROWSE_STR
 
-	if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) {
+#define PIPE_LANMAN_STR "\\PIPE\\LANMAN"
+	ND_TCHECK2(*(data1 + 2), strlen(PIPE_LANMAN_STR) + 1);
+	if (strcmp((const char *)(data1 + 2), PIPE_LANMAN_STR) == 0) {
 	    print_ipc(ndo, param, paramlen, data, datalen);
 	    return;
 	}
+#undef PIPE_LANMAN_STR
 
 	if (paramlen)
 	    smb_fdata(ndo, param, f3, min(param + paramlen, maxbuf), unicodestr);
@@ -940,7 +945,9 @@ nbt_tcp_print(netdissect_options *ndo,
     if (caplen < 4)
 	goto trunc;
     maxbuf = data + caplen;
+    ND_TCHECK_8BITS(data);
     type = data[0];
+    ND_TCHECK_16BITS(data + 2);
     nbt_len = EXTRACT_16BITS(data + 2);
     length -= 4;
     caplen -= 4;
@@ -1167,10 +1174,12 @@ nbt_udp137_print(netdissect_options *ndo,
 	    p = smb_fdata(ndo, p, "Name=[n1]\n#", maxbuf, 0);
 	    if (p == NULL)
 		goto out;
+	    ND_TCHECK_16BITS(p);
 	    restype = EXTRACT_16BITS(p);
 	    p = smb_fdata(ndo, p, "ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n", p + 8, 0);
 	    if (p == NULL)
 		goto out;
+	    ND_TCHECK_16BITS(p);
 	    rdlen = EXTRACT_16BITS(p);
 	    ND_PRINT((ndo, "ResourceLength=%d\nResourceData=\n", rdlen));
 	    p += 2;