URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e885798f22a911c2b23e6e66f9dc98b3b2cc167c
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
e885798 by basakkal (basakkalfa@xxxxxxxxx):
s7comm dissector infinite loop error is fixed.
When list_count and list_len are large numbers, their
multiplication exceeds guint16. The multiplication is casted to
guint32. list_len was controlled whether it is 0 or not. However,
list_count should also have been controlled. The control for
list_count is also added to the code. Moreover, if their
multiplication is equal to zero, it should be checked before or in
for loop since it causes infinite loop and it adds more than expected
szl data trees.
Change-Id: I4bb2c076ef830581e529fea05a1d9175feab171c
Reviewed-on: https://code.wireshark.org/review/29979
Petri-Dish: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
Actions performed:
from 925f811 Adding string for "anyPolicy" OID to x509ce
add e885798 s7comm dissector infinite loop error is fixed.
Summary of changes:
epan/dissectors/packet-s7comm_szl_ids.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)