add two missing CHECK_BYTE_COUNT

to not cause an exception for clearly malformed packets

will resolve "bug" 987   (which is NOT a bug)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@18762 f5534014-38df-0310-8fa8-9805f1628bb7

diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c
index 223ddfefed6245f3ca1ac6e369d8717e59da12e8..85e87af0aaf459563e6e13da3e412af22c994fb6 100644 (file)
--- a/epan/dissectors/packet-smb.c
+++ b/epan/dissectors/packet-smb.c
@@ -7966,7 +7966,7 @@ dissect_nt_transaction_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree
        int subcmd;
        nt_trans_data ntd;
        guint16 bc;
-       int padcnt;
+       guint32 padcnt;
        smb_nt_transact_info_t *nti;
 
        si = (smb_info_t *)pinfo->private_data;
@@ -8116,6 +8116,7 @@ dissect_nt_transaction_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree
                padcnt = po-offset;
                if (padcnt > bc)
                        padcnt = bc;
+               CHECK_BYTE_COUNT(padcnt);
                proto_tree_add_item(tree, hf_smb_padding, tvb, offset, padcnt, TRUE);
                COUNT_BYTES(padcnt);
        }
@@ -8497,7 +8498,7 @@ dissect_nt_transaction_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tre
        smb_nt_transact_info_t *nti;
        static nt_trans_data ntd;
        guint16 bc;
-       int padcnt;
+       gint32 padcnt;
        fragment_data *r_fd = NULL;
        tvbuff_t *pd_tvb=NULL;
        gboolean save_fragmented;
@@ -8639,7 +8640,7 @@ dissect_nt_transaction_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tre
            padcnt = po-offset;
            if (padcnt > bc)
              padcnt = bc;
-           tvb_ensure_bytes_exist(tvb, offset, padcnt);
+           CHECK_BYTE_COUNT(padcnt);
            proto_tree_add_item(tree, hf_smb_padding, tvb, offset, padcnt, TRUE);
            COUNT_BYTES(padcnt);
          }