If you have a loop that iterates over packet contents, you absolutely

must not just do a "continue" if the offset into the packet has not been advanced, as you will get an infinite loop if you do. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38383 f5534014-38df-0310-8fa8-9805f1628bb7
author: guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> 2011-08-07 08:26:29 +0000
committer: guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> 2011-08-07 08:26:29 +0000
commit: 9eeef5a0ec6cf6e85e0eef306e5f3cf975658490 (patch)
tree: 57ea3bbd2c4a89f29c4604dfa26243d1f262f3de
parent: 3cedae4a491b520566ee466d0f605afe06cd6e2c (diff)
1 files changed, 19 insertions, 6 deletions
diff --git a/epan/dissectors/packet-opensafety.c b/epan/dissectors/packet-opensafety.c
index 11fa16b2cc..fbc6a95763 100644
--- a/epan/dissectors/packet-opensafety.c
+++ b/epan/dissectors/packet-opensafety.c
@@ -1267,7 +1267,7 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
     {
         if ( findSafetyFrame(bytes, length - frameOffset, frameOffset, &frameOffset, &frameLength) )
         {
-        	if ((frameOffset + frameLength) > (guint)reported_len )
+            if ((frameOffset + frameLength) > (guint)reported_len )
                 break;
             found++;
 
@@ -1328,10 +1328,19 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
                         type = OPENSAFETY_SPDO_MESSAGE_TYPE;
                     else if ( ( OSS_FRAME_ID(bytesOffset, frameStart1) & OPENSAFETY_SNMT_MESSAGE_TYPE ) == OPENSAFETY_SNMT_MESSAGE_TYPE )
                         type = OPENSAFETY_SNMT_MESSAGE_TYPE;
-                    else
-                    	continue;
-                } else
+                    else {
+                    	/* Skip this frame.  We cannot continue without
+                    	   advancing frameOffset - just doing a continue
+                    	   will result in an infinite loop. */
+                        frameOffset += frameLength;
+                        continue;
+                    }
+                } else {
+                    /* As stated above, you cannot just continue
+                       without advancing frameOffset. */
+                    frameOffset += frameLength;
                     continue;
+                }
             }
 
             /* If both frame starts are equal, something went wrong */
@@ -1342,8 +1351,12 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
             if ( type == OPENSAFETY_SPDO_MESSAGE_TYPE )
             {
             	address = OSS_FRAME_ADDR(bytesOffset, frameStart1);
-            	if ( address > 1024 )
-            		continue;
+            	if ( address > 1024 ) {
+                    /* As stated above, you cannot just continue
+                       without advancing frameOffset. */
+                    frameOffset += frameLength;
+                    continue;
+                }
             }
 
             /* If this package is not valid, the next step, which normally occurs in unxorFrame will lead to a
author	guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7>	2011-08-07 08:26:29 +0000
committer	guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7>	2011-08-07 08:26:29 +0000
commit	9eeef5a0ec6cf6e85e0eef306e5f3cf975658490 (patch)
tree	57ea3bbd2c4a89f29c4604dfa26243d1f262f3de
parent	3cedae4a491b520566ee466d0f605afe06cd6e2c (diff)