Make sure we advance our offset during a while loop. This should fix recent

fuzz errors. svn path=/trunk/; revision=29109
author: Gerald Combs <gerald@wireshark.org> 2009-07-15 22:51:01 +0000
committer: Gerald Combs <gerald@wireshark.org> 2009-07-15 22:51:01 +0000
commit: 143d15c4e4589d39897c3aa8a6f9ad405bf4b7c2 (patch)
tree: 19b92fc63515132a5d4cc22c60b7952657b5ebce /epan/dissectors/packet-v52.c
parent: ba3ca797bce44d59bc3794f0167dbb838b456147 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/epan/dissectors/packet-v52.c b/epan/dissectors/packet-v52.c
index 5770e57b1f..1115637f87 100644
--- a/epan/dissectors/packet-v52.c
+++ b/epan/dissectors/packet-v52.c
@@ -39,6 +39,7 @@
 #include <string.h>
 #include <epan/packet.h>
 #include <epan/strutil.h>
+#include <epan/expert.h>
 
 static int proto_v52 					= -1;
 static int hf_v52_discriminator			= -1;
@@ -1937,8 +1938,10 @@ dissect_v52_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
 	int		offset = 4;
 	guint8		info_element, info_element_length;
+	int		old_offset;
 
 	while(tvb_length_remaining(tvb,offset)){
+		old_offset = offset;
 		info_element = tvb_get_guint8(tvb, offset);
 		switch(info_element){
 			case PSTN_SEQUENCE_NUMBER:
@@ -2098,6 +2101,10 @@ dissect_v52_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 				offset += 1;
 			break;
 		}
+		if (old_offset <= offset) {
+			expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN, "Zero-length information element");
+			return;
+		}
 	}
 }
author	Gerald Combs <gerald@wireshark.org>	2009-07-15 22:51:01 +0000
committer	Gerald Combs <gerald@wireshark.org>	2009-07-15 22:51:01 +0000
commit	143d15c4e4589d39897c3aa8a6f9ad405bf4b7c2 (patch)
tree	19b92fc63515132a5d4cc22c60b7952657b5ebce /epan/dissectors/packet-v52.c
parent	ba3ca797bce44d59bc3794f0167dbb838b456147 (diff)