diff options
author | Evan Huus <eapache@gmail.com> | 2015-03-01 18:45:24 -0500 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2015-03-02 14:11:44 +0000 |
commit | c35ca6c051adb28c321db54cc138f18637977c9a (patch) | |
tree | 75436e257cd73929b9c787da85886fbc6c9f0a14 /epan/dissectors/packet-scsi-osd.c | |
parent | 608cf324b3962877e9699f3e81e8f82ac9f1ea14 (diff) |
scsi-osd: fix overflow leading to infinite loop
Thanks to Vlad Tsyrklevich for the report.
Bug: 11024
Change-Id: I9defc6fc72339b2f6ba12b46172b776d798647cd
Reviewed-on: https://code.wireshark.org/review/7463
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-scsi-osd.c')
-rw-r--r-- | epan/dissectors/packet-scsi-osd.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/epan/dissectors/packet-scsi-osd.c b/epan/dissectors/packet-scsi-osd.c index d9c87d95d6..4091ce72ba 100644 --- a/epan/dissectors/packet-scsi-osd.c +++ b/epan/dissectors/packet-scsi-osd.c @@ -1008,7 +1008,10 @@ dissect_osd2_cdb_continuation(packet_info *pinfo, tvbuff_t *tvb, guint32 offset, expert_add_info(pinfo, item_length, &ei_osd2_cdb_continuation_descriptor_length_invalid); return; } - offset += length+padlen; + /* check for overflow */ + if (offset + length + padlen > offset) { + offset += length+padlen; + } } } |