From 625bab309d9dd21db2d8ae2aa3511810d32842a8 Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Sat, 23 Sep 2017 22:22:28 +0200
Subject: Docsis: fix an infinite loop

Add missing decrement of concatlen based on master-2.2 version.

Bug: 14080
Change-Id: I00f7e34f8e599718316a4ce8916d91b780ec7c14
Reviewed-on: https://code.wireshark.org/review/23663
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
---
 plugins/docsis/packet-docsis.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'plugins')

diff --git a/plugins/docsis/packet-docsis.c b/plugins/docsis/packet-docsis.c
index 30af37ae83..1e7d7725d9 100644
--- a/plugins/docsis/packet-docsis.c
+++ b/plugins/docsis/packet-docsis.c
@@ -697,6 +697,13 @@ dissect_docsis (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* da
           /* Pass off to the DOCSIS Management dissector/s */
           mgt_tvb = tvb_new_subset_remaining(tvb, hdrlen);
           call_dissector (docsis_mgmt_handle, mgt_tvb, pinfo, docsis_tree);
+
+          if (concatlen > 0)
+          {
+            concatlen = concatlen - framelen;
+            concatpos += framelen;
+          }
+
           break;
         }
         case FCPARM_RQST_FRM:
@@ -776,6 +783,13 @@ dissect_docsis (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* da
           proto_tree_add_checksum(docsis_tree, tvb, (hdrlen + len_sid - 4), hf_docsis_frag_fcs, hf_docsis_frag_fcs_status, &ei_docsis_frag_fcs_bad, pinfo, fcs, ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY);
 
           pinfo->fragmented = save_fragmented;
+
+          if (concatlen > 0)
+          {
+            concatlen = concatlen - framelen;
+            concatpos += framelen;
+          }
+
           break;
         }
         case FCPARM_QUEUE_DEPTH_REQ_FRM:
-- 
cgit v1.2.3