https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666
Pascal Quantin <pascal.quantin@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pascal.quantin@xxxxxxxxx
--- Comment #1 from Pascal Quantin <pascal.quantin@xxxxxxxxx> 2012-08-27 09:37:02 PDT ---
Infinite loop occurs because of the iLength read at line 698:

    while ((guint) (offset + 10) <= tvb_length(tvb))
    {
        [...]
        iLength = tvb_get_ntohs(tvb, offset + 0);
        [...]
        if (tree)
        {
            [...]
        else
        {
            /* No tree, advance directly to next command */
            offset += iLength;
        }
    }

When iLength is equal to 0 (which happens with packet 28881), the loop above
runs forever.
As it looks like the minimum size for iLength should be 10 bytes, putting an
expert info when iLength < 10 and either aborting dissection of the packet or
forcing iLength to 10 should avoid the loop. I believe that the expert info +
stopping dissection of the current packet with a malformed packet error is
probably the best choice.
Can anyone who knows this protocol confirm this is the best thing to do? Any
suggestion is welcome.
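
The loop shape described in comment #1, as a stand-alone C sketch added here (it is not Wireshark code and not from the bug report): one walk without the length check and one with it. The names walk_unchecked, walk_checked and MIN_CMD_LEN, the iteration cap, the extra upper-bound check and the sample buffers are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MIN_CMD_LEN 10u  /* minimum command size suggested in the comment */
enum walk_status { WALK_OK = 0, WALK_MALFORMED = -1, WALK_STALLED = -2 };

/* Constructed samples: a 12-byte command followed by one of length 0 / 10. */
static const uint8_t sample_bad[24]  = { 0x00, 0x0c, [12] = 0x00, 0x00 };
static const uint8_t sample_good[22] = { 0x00, 0x0c, [12] = 0x00, 0x0a };

/* 16-bit big-endian read, the same byte order tvb_get_ntohs() returns. */
static unsigned get_be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Unchecked walk; max_iter exists only so this demo terminates. */
int walk_unchecked(const uint8_t *buf, size_t len, unsigned max_iter, unsigned *ncmds)
{
    size_t offset = 0;
    *ncmds = 0;
    while (offset + MIN_CMD_LEN <= len) {
        if (*ncmds == max_iter)
            return WALK_STALLED;           /* the real loop would spin forever */
        offset += get_be16(buf + offset);  /* a length of 0 never advances */
        (*ncmds)++;
    }
    return WALK_OK;
}

/* Same walk with the proposed check: a length below the minimum ends parsing. */
int walk_checked(const uint8_t *buf, size_t len, unsigned *ncmds)
{
    size_t offset = 0;
    *ncmds = 0;
    while (offset + MIN_CMD_LEN <= len) {
        unsigned cmd_len = get_be16(buf + offset);
        /* Upper bound is an extra assumption of this sketch. */
        if (cmd_len < MIN_CMD_LEN || cmd_len > len - offset)
            return WALK_MALFORMED;         /* dissector: expert info, then stop */
        offset += cmd_len;
        (*ncmds)++;
    }
    return WALK_OK;
}
int main(void)
{
    unsigned n;
    printf("unchecked: %d\n", walk_unchecked(sample_bad, sizeof sample_bad, 1000, &n));
    printf("checked:   %d\n", walk_checked(sample_bad, sizeof sample_bad, &n));
    return 0;
}
```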