diff options
author | wmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-06-22 01:20:20 +0000 |
---|---|---|
committer | wmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-06-22 01:20:20 +0000 |
commit | e444921b3431cb176c6101e505bf5bfffcfb74c2 (patch) | |
tree | 8797666e124dd2836de4326ea8c3d8a2025983b0 /epan/dissectors/packet-dvbci.c | |
parent | 844d411b5ad85f4496c42953531a0fc20cf89244 (diff) |
From Martin Kaiser: Fix forBug #6048 (fuzztest crash)
"this is caused by my newly added DVB-CI MMI code
endless loop when dissect_dvbci_text() returns 0 because the text pseudo-apdu
is invalid"
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6048
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37743 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-dvbci.c')
-rw-r--r-- | epan/dissectors/packet-dvbci.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/epan/dissectors/packet-dvbci.c b/epan/dissectors/packet-dvbci.c index b51973b087..8b82af56a2 100644 --- a/epan/dissectors/packet-dvbci.c +++ b/epan/dissectors/packet-dvbci.c @@ -1310,6 +1310,15 @@ dissect_dvbci_payload_mmi(guint32 tag, gint len_field, offset += text_len; while (tvb_reported_length_remaining(tvb, offset)) { text_len = dissect_dvbci_text("Item", tvb, offset, pinfo, tree); + /* minimum is apdu tag + 1 byte len field */ + if (text_len<APDU_TAG_SIZE+1) { + pi = proto_tree_add_text( + tree, tvb, offset, -1, "Invalid item"); + expert_add_info_format( + pinfo, pi, PI_MALFORMED, PI_ERROR, + "Items must be text_more() or text_last() objects"); + return; + } offset += text_len; } break; |