Wireshark · Wireshark-dev: Re: [Wireshark-dev] Babel: prevent an infinite loop while parsing sub-TLV

Wireshark-dev: Re: [Wireshark-dev] Babel: prevent an infinite loop while parsing sub-TLV

From: Juliusz Chroboczek <jch@xxxxxxx>

Date: Fri, 18 Oct 2019 20:51:08 +0200

Dear Pascal,

I've just seen your commit dd15b2, which I believe is incorrect.

  https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dd15b203c7ec8a8ec5c930cf018c838991ee3182

In dissect_babel_subtlvs, sublen is the length of the TLV body; the full
TLV is of length sublen+2.  At the end of the loop, the code is correct:

        beg += (sublen+2);

Hence, it is perfectly fine to have sublen=0.  Unless I'm wrong, your
commit is incorrect.

Could you please either explain why I'm wrong, or else revert commit dd15b2?

Thanks,

-- Juliusz Chroboczek

Follow-Ups:
- Re: [Wireshark-dev] Babel: prevent an infinite loop while parsing sub-TLV
  - From: Pascal Quantin

Prev by Date: [Wireshark-dev] Quickly determine where your duplicate ett_definition is ...
Next by Date: Re: [Wireshark-dev] Babel: prevent an infinite loop while parsing sub-TLV
Previous by thread: [Wireshark-dev] Quickly determine where your duplicate ett_definition is ...
Next by thread: Re: [Wireshark-dev] Babel: prevent an infinite loop while parsing sub-TLV
Index(es):
- Date
- Thread