Detect out-of-bounds when handling zero terminated strings from a TvbRange.

This avoids a wireshark crash.

svn path=/trunk/; revision=53470

1 files changed, 15 insertions, 0 deletions

diff --git a/epan/wslua/wslua_tvb.c b/epan/wslua/wslua_tvb.c
index 2b7c4ac080..0c7b05e9f9 100644
--- a/epan/wslua/wslua_tvb.c
+++ b/epan/wslua/wslua_tvb.c
@@ -1144,6 +1144,11 @@ WSLUA_METHOD TvbRange_stringz(lua_State* L) {
         return 0;
     }
 
+    if (tvb_find_guint8 (tvbr->tvb->ws_tvb, tvbr->offset, -1, 0) == -1) {
+        luaL_error(L,"out of bounds");
+        return 0;
+    }
+
     lua_pushstring(L, (gchar*)tvb_get_stringz(wmem_packet_scope(),tvbr->tvb->ws_tvb,tvbr->offset,NULL) );
 
     WSLUA_RETURN(1); /* The zero terminated string */
@@ -1159,6 +1164,11 @@ WSLUA_METHOD TvbRange_strsize(lua_State* L) {
         return 0;
     }
 
+    if (tvb_find_guint8 (tvbr->tvb->ws_tvb, tvbr->offset, -1, 0) == -1) {
+        luaL_error(L,"out of bounds");
+        return 0;
+    }
+
     lua_pushinteger(L, tvb_strsize(tvbr->tvb->ws_tvb, tvbr->offset));
 
     WSLUA_RETURN(1); /* Length of the zero terminated string */
@@ -1176,6 +1186,11 @@ static int TvbRange_ustringz_any(lua_State* L, gboolean little_endian) {
         return 0;
     }
 
+    if (tvb_find_guint8 (tvbr->tvb->ws_tvb, tvbr->offset, -1, 0) == -1) {
+        luaL_error(L,"out of bounds");
+        return 0;
+    }
+
     lua_pushstring(L, (gchar*)tvb_get_unicode_stringz(wmem_packet_scope(),tvbr->tvb->ws_tvb,tvbr->offset,&count,(little_endian ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)) );
     lua_pushinteger(L,count);