diff options
| author | Guy Harris <guy@alum.mit.edu> | 2011-09-28 19:08:20 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2011-09-28 19:08:20 +0000 |
| commit | e4532f21afdd0980c6d0799bcd135a09bc517c15 (patch) | |
| tree | 81da91d3a56b8713149addd02c462d72e4a4602d /epan/dissectors/packet-afp.c | |
| parent | aa1199d01fda1bd13870112b4f06009ddfd7de9d (diff) | |
Quit if we have a zero-length query, so we don't loop indefinitely.
Should fix bug 6378.
svn path=/trunk/; revision=39176
Diffstat (limited to 'epan/dissectors/packet-afp.c')
| -rw-r--r-- | epan/dissectors/packet-afp.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/epan/dissectors/packet-afp.c b/epan/dissectors/packet-afp.c index 1b11d3315e..7f1e9903dc 100644 --- a/epan/dissectors/packet-afp.c +++ b/epan/dissectors/packet-afp.c @@ -4136,6 +4136,10 @@ spotlight_dissect_query_loop(tvbuff_t *tvb, proto_tree *tree, gint offset, guint while ((offset < (toc_offset - 8)) && (count > 0)) { query_data64 = spotlight_ntoh64(tvb, offset, encoding); query_length = (query_data64 & 0xffff) * 8; + if (query_length == 0) { + /* XXX - report this as an error */ + break; + } query_type = (query_data64 & 0xffff0000) >> 16; switch (query_type) { |