diff options
| author | Guy Harris <guy@alum.mit.edu> | 2004-08-16 07:52:07 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2004-08-16 07:52:07 +0000 |
| commit | 8bf903b464bd7872561b1a9dc6e92a9ef6ccdcc4 (patch) | |
| tree | 9d770590fa174fdf816b86857a8a63377b893848 /epan/dissectors/packet-dhcpv6.c | |
| parent | 605293cc764d8458ba7caa34f3a0061bcd22011c (diff) | |
Whenever we call "dhcpv6_option()", check to make sure it didn't set
"at_end" - if it does, the option is sufficiently bad that we can't
continue dissecting the packet, so we give up.
svn path=/trunk/; revision=11750
Diffstat (limited to 'epan/dissectors/packet-dhcpv6.c')
| -rw-r--r-- | epan/dissectors/packet-dhcpv6.c | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/epan/dissectors/packet-dhcpv6.c b/epan/dissectors/packet-dhcpv6.c index 528969277f..42a2743436 100644 --- a/epan/dissectors/packet-dhcpv6.c +++ b/epan/dissectors/packet-dhcpv6.c @@ -308,8 +308,10 @@ dhcpv6_option(tvbuff_t *tvb, proto_tree *bp_tree, int off, int eoff, temp_optlen = 12; while ((optlen - temp_optlen) > 0) { - gboolean at_end_ = FALSE; - temp_optlen += dhcpv6_option(tvb, subtree, off+temp_optlen, off + optlen, &at_end_); + temp_optlen += dhcpv6_option(tvb, subtree, off+temp_optlen, + off + optlen, at_end); + if (*at_end) + return 0; } break; case OPTION_IA_TA: @@ -323,8 +325,10 @@ dhcpv6_option(tvbuff_t *tvb, proto_tree *bp_tree, int off, int eoff, tvb_get_ntohl(tvb, off)); temp_optlen = 4; while ((optlen - temp_optlen) > 0) { - gboolean at_end_; - temp_optlen += dhcpv6_option(tvb, subtree, off+temp_optlen, off + optlen, &at_end_); + temp_optlen += dhcpv6_option(tvb, subtree, off+temp_optlen, + off + optlen, at_end); + if (*at_end) + return 0; } break; case OPTION_IAADDR: @@ -361,8 +365,10 @@ dhcpv6_option(tvbuff_t *tvb, proto_tree *bp_tree, int off, int eoff, temp_optlen = 24; while ((optlen - temp_optlen) > 0) { - gboolean at_end_; - temp_optlen += dhcpv6_option(tvb, subtree, off+temp_optlen, off + optlen, &at_end_); + temp_optlen += dhcpv6_option(tvb, subtree, off+temp_optlen, + off + optlen, at_end); + if (*at_end) + return 0; } } break; @@ -404,8 +410,9 @@ dhcpv6_option(tvbuff_t *tvb, proto_tree *bp_tree, int off, int eoff, optlen, "RELAY-MSG: malformed option"); break; } else { - gboolean at_end_; - dhcpv6_option(tvb, subtree, off, off + optlen, &at_end_); + dhcpv6_option(tvb, subtree, off, off + optlen, at_end); + if (*at_end) + return 0; } break; case OPTION_AUTH: @@ -635,8 +642,10 @@ dhcpv6_option(tvbuff_t *tvb, proto_tree *bp_tree, int off, int eoff, temp_optlen = 25; while ((optlen - temp_optlen) > 0) { - gboolean at_end_; - temp_optlen += dhcpv6_option(tvb, subtree, off+temp_optlen, off + optlen, &at_end_); + temp_optlen += dhcpv6_option(tvb, subtree, off+temp_optlen, + off + optlen, at_end); + if (*at_end) + return 0; } } break; @@ -702,6 +711,8 @@ dissect_dhcpv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, while (!relay_msg_option && off < eoff) { length = dhcpv6_option(tvb, bp_tree, off, eoff, &at_end); + if (at_end) + return; if (tvb_get_ntohs(tvb, off) == OPTION_RELAY_MSG) { relay_msg_option = TRUE; |