author | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-08-07 08:26:29 +0000 |
---|---|---|
committer | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-08-07 08:26:29 +0000 |
commit | 9eeef5a0ec6cf6e85e0eef306e5f3cf975658490 (patch) | |
tree | 57ea3bbd2c4a89f29c4604dfa26243d1f262f3de | |
parent | 3cedae4a491b520566ee466d0f605afe06cd6e2c (diff) |
If you have a loop that iterates over packet contents, you absolutely
must not just do a "continue" if the offset into the packet has not been
advanced, as you will get an infinite loop if you do.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38383 f5534014-38df-0310-8fa8-9805f1628bb7
-rw-r--r-- | epan/dissectors/packet-opensafety.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/epan/dissectors/packet-opensafety.c b/epan/dissectors/packet-opensafety.c
index 11fa16b2cc..fbc6a95763 100644
--- a/epan/dissectors/packet-opensafety.c
+++ b/epan/dissectors/packet-opensafety.c
@@ -1267,7 +1267,7 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
 {
 if ( findSafetyFrame(bytes, length - frameOffset, frameOffset, &frameOffset, &frameLength) )
 {
- if ((frameOffset + frameLength) > (guint)reported_len )
+ if ((frameOffset + frameLength) > (guint)reported_len )
 break;
 found++;
@@ -1328,10 +1328,19 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
 type = OPENSAFETY_SPDO_MESSAGE_TYPE;
 else if ( ( OSS_FRAME_ID(bytesOffset, frameStart1) & OPENSAFETY_SNMT_MESSAGE_TYPE ) == OPENSAFETY_SNMT_MESSAGE_TYPE )
 type = OPENSAFETY_SNMT_MESSAGE_TYPE;
- else
- continue;
- } else
+ else {
+ /* Skip this frame. We cannot continue without
+ advancing frameOffset - just doing a continue
+ will result in an infinite loop. */
+ frameOffset += frameLength;
+ continue;
+ }
+ } else {
+ /* As stated above, you cannot just continue
+ without advancing frameOffset. */
+ frameOffset += frameLength;
 continue;
+ }
 }
 /* If both frame starts are equal, something went wrong */
@@ -1342,8 +1351,12 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
 if ( type == OPENSAFETY_SPDO_MESSAGE_TYPE )
 {
 address = OSS_FRAME_ADDR(bytesOffset, frameStart1);
- if ( address > 1024 )
- continue;
+ if ( address > 1024 ) {
+ /* As stated above, you cannot just continue
+ without advancing frameOffset. */
+ frameOffset += frameLength;
+ continue;
+ }
 }
 /* If this package is not valid, the next step, which normally occurs in unxorFrame will lead to a |
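Review bot: The added `frameOffset += frameLength;` in the inner `else {` and the outer `} else {` branch only ends the loop if `frameLength` is non-zero at that point, and nothing in this hunk establishes that. If findSafetyFrame can leave it at 0, or the outer branch runs with a value left over from an earlier iteration, the dissector would still spin on a malformed packet; a guard such as `if ( frameLength == 0 ) break;` before the advance would close that. The same applies to the `address > 1024` branch in the third hunk. The loop header and any bound on `frameOffset + frameLength` lie outside this hunk, so it should also be confirmed that the unsigned sum cannot wrap or run past the captured length here.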
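Review bot: The comment in the `address > 1024` branch, `As stated above, you cannot just continue without advancing frameOffset.`, refers to a comment in a different block roughly twenty lines earlier, so it will dangle if either block is moved or removed. A self-contained wording such as `/* Advance past this frame before continuing; otherwise the loop never terminates. */` reads correctly on its own. The advance-then-continue pair is now written three times, so a single shared exit at the loop tail that performs `frameOffset += frameLength;` would keep a later `continue` from reintroducing the hang. The rest of the loop body is outside the hunk, so any other `continue` in it should be checked against the same rule.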