We need to ensure that buf2 is set even if we have too many nested "*"s
in an SMB format string.
Add comments to further explain that code.
while (*fmt) {
switch (*fmt) {
case '*':
while (*fmt) {
switch (*fmt) {
case '*':
+ /*
+ * List of multiple instances of something described by the
+ * remainder of the string (which may itself include a list
+ * of multiple instances of something, so we recurse).
+ */
fmt++;
while (buf < maxbuf) {
const u_char *buf2;
depth++;
fmt++;
while (buf < maxbuf) {
const u_char *buf2;
depth++;
- /* Not sure how this relates with the protocol specification,
- * but in order to avoid stack exhaustion recurse at most that
- * many levels.
+ /*
+ * In order to avoid stack exhaustion recurse at most 10
+ * levels; that "should not happen", as no SMB structure
+ * should be nested *that* deeply, and we thus shouldn't
+ * have format strings with that level of nesting.
ND_PRINT((ndo, "(too many nested levels, not recursing)"));
ND_PRINT((ndo, "(too many nested levels, not recursing)"));
buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
depth--;
if (buf2 == NULL)
buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
depth--;
if (buf2 == NULL)
+ /*
+ * Just do a bounds check.
+ */
fmt++;
if (buf >= maxbuf)
return(buf);
break;
case '%':
fmt++;
if (buf >= maxbuf)
return(buf);
break;
case '%':
+ /*
+ * XXX - unused?
+ */
fmt++;
buf = maxbuf;
break;
case '#':
fmt++;
buf = maxbuf;
break;
case '#':
fmt++;
return(buf);
break;
case '[':
fmt++;
return(buf);
break;
case '[':
+ /*
+ * Format of an item, enclosed in square brackets; dissect
+ * the item with smb_fdata1().
+ */
fmt++;
if (buf >= maxbuf)
return(buf);
fmt++;
if (buf >= maxbuf)
return(buf);
+ /*
+ * Not a formatting character, so just print it.
+ */
ND_PRINT((ndo, "%c", *fmt));
fmt++;
break;
ND_PRINT((ndo, "%c", *fmt));
fmt++;
break;
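Review bot: The rewritten comment in the `case '*'` loop hard-codes the recursion limit as "10", so the comment and the comparison it describes can drift apart; a named constant used by both would keep them in step, e.g. `#define SMB_FDATA_MAX_DEPTH 10` (name constructed for illustration). `depth` is not an argument of the recursive `smb_fdata(ndo, buf, fmt, maxbuf, unicodestr)` call, so it presumably lives in static or file-scope storage declared outside the lines shown. If so, the comment should also say that every exit between `depth++` and `depth--` must leave the counter balanced, because a leaked increment would lower the effective limit for every later packet. The comparison itself and the start and end of `smb_fdata` are not visible on this page, so both points need checking against the full function.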