diff options
| author | Gerald Combs <gerald@wireshark.org> | 2004-12-06 22:32:50 +0000 |
|---|---|---|
| committer | Gerald Combs <gerald@wireshark.org> | 2004-12-06 22:32:50 +0000 |
| commit | aeee8356b71fda6f62949633475af424934a71a9 (patch) | |
| tree | 342ada79559eaccc2442b66b9d521ae0e549c82a | |
| parent | c87fb7a01034b085ae1feed2c0a799f5291c56a1 (diff) | |
Check for a bogus authentication subheader length.
svn path=/trunk/; revision=12671
| -rw-r--r-- | epan/dissectors/packet-sap.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/epan/dissectors/packet-sap.c b/epan/dissectors/packet-sap.c index c54ad1ecd8..cf3d7c70e0 100644 --- a/epan/dissectors/packet-sap.c +++ b/epan/dissectors/packet-sap.c @@ -197,7 +197,15 @@ dissect_sap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) has_pad = auth_flags&MCAST_SAP_AUTH_BIT_P; if (has_pad) - pad_len = tvb_get_guint8(tvb, offset+auth_data_len-1); + pad_len = tvb_get_guint8(tvb, offset+auth_data_len-1); + + if ((int) auth_data_len - pad_len - 1 < 0) { + proto_tree_add_text(sa_tree, tvb, 0, 0, + "Bogus authentication length (%d) or pad length (%d)", + auth_len, pad_len); + return; + } + proto_tree_add_text(sa_tree, tvb, offset+1, auth_data_len-pad_len-1, "Authentication subheader: (%u byte%s)", |