rsl: avoid buffer overread

Fixes a buffer overrun in dissct_rsl_ipaccess_msg when the tag is exactly 0xff: tag = tvb_get_guint8(tvb, offset); tdef = &rsl_att_tlvdef.def[tag]; Bug: 11829 Change-Id: I25a3c6948242a52f59431ce84c108b2e52008930 Reviewed-on: https://code.wireshark.org/review/14011 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
author: Peter Wu <peter@lekensteyn.nl> 2016-02-19 18:36:38 +0100
committer: Peter Wu <peter@lekensteyn.nl> 2016-02-19 17:47:42 +0000
commit: de65fd6b00d0b891930324b9549c93ccfe9cac30 (patch)
tree: 34e4e43cbb68176d713131b015dd112c81e06877
parent: 8bee8bad813446bbf75428a8cdd756fe6063ca6f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-rsl.c b/epan/dissectors/packet-rsl.c
index d1f53f3062..c397eb2250 100644
--- a/epan/dissectors/packet-rsl.c
+++ b/epan/dissectors/packet-rsl.c
@@ -679,7 +679,7 @@ struct tlv_def {
 };
 
 struct tlv_definition {
-    struct tlv_def def[0xff];
+    struct tlv_def def[0x100];
 };
 
 /* This structure is initialized in proto_register_rsl() */
author	Peter Wu <peter@lekensteyn.nl>	2016-02-19 18:36:38 +0100
committer	Peter Wu <peter@lekensteyn.nl>	2016-02-19 17:47:42 +0000
commit	de65fd6b00d0b891930324b9549c93ccfe9cac30 (patch)
tree	34e4e43cbb68176d713131b015dd112c81e06877
parent	8bee8bad813446bbf75428a8cdd756fe6063ca6f (diff)