diff options
author | Peter Wu <peter@lekensteyn.nl> | 2016-02-19 18:36:38 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2016-02-19 17:47:42 +0000 |
commit | de65fd6b00d0b891930324b9549c93ccfe9cac30 (patch) | |
tree | 34e4e43cbb68176d713131b015dd112c81e06877 | |
parent | 8bee8bad813446bbf75428a8cdd756fe6063ca6f (diff) |
rsl: avoid buffer overread
Fixes a buffer overrun in dissct_rsl_ipaccess_msg when the tag is
exactly 0xff:
tag = tvb_get_guint8(tvb, offset);
tdef = &rsl_att_tlvdef.def[tag];
Bug: 11829
Change-Id: I25a3c6948242a52f59431ce84c108b2e52008930
Reviewed-on: https://code.wireshark.org/review/14011
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
-rw-r--r-- | epan/dissectors/packet-rsl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-rsl.c b/epan/dissectors/packet-rsl.c index d1f53f3062..c397eb2250 100644 --- a/epan/dissectors/packet-rsl.c +++ b/epan/dissectors/packet-rsl.c @@ -679,7 +679,7 @@ struct tlv_def { }; struct tlv_definition { - struct tlv_def def[0xff]; + struct tlv_def def[0x100]; }; /* This structure is initialized in proto_register_rsl() */ |