From 9bee1b3f205356932dc22c3605fd06ebb48e7b06 Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Tue, 1 Jun 1999 20:39:20 +0000
Subject: Unfortunately, as the "cap_len" field in a "frame_data" is unsigned,
 "fd->cap_len - offset", i.e. END_OF_FRAME, is unsigned, so

	while (END_OF_FRAME > 0) {

doesn't keep you out of the loop if "offset" is already beyond
"fd->cap_len", so you can try processing stuff past the end of the
captured data in the packet.

svn path=/trunk/; revision=298
---
 packet-smb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packet-smb.c b/packet-smb.c
index f23b716ab6..ed71a1c6b6 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -2,7 +2,7 @@
  * Routines for smb packet dissection
  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
  *
- * $Id: packet-smb.c,v 1.11 1999/05/13 01:05:11 sharpe Exp $
+ * $Id: packet-smb.c,v 1.12 1999/06/01 20:39:20 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@unicom.net>
@@ -672,7 +672,7 @@ dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tr
 
     }
 
-    while (END_OF_FRAME > 0) {
+    while (fd->cap_len > offset) {
       const char *str;
 
       if (tree) {
-- 
cgit v1.2.3