author | Ulf Lamping <ulf.lamping@web.de> | 2005-07-01 21:04:13 +0000 |
---|---|---|
committer | Ulf Lamping <ulf.lamping@web.de> | 2005-07-01 21:04:13 +0000 |
commit | 2ce8d2a30f519ad93ef8aaf2e29fcc96ab95c2dd (patch) | |
tree | c5e1bcc1278dd9072b28d40e266c7a3cae57830c /epan/dissectors/packet-bssgp.c | |
parent | 22fff1e1f308ed3849c3dddd15eff189bb7326ea (diff) |
fixed various issues (two serious ones) found by "private" fuzz-testing
svn path=/trunk/; revision=14830
Diffstat (limited to 'epan/dissectors/packet-bssgp.c')
-rw-r--r-- | epan/dissectors/packet-bssgp.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/epan/dissectors/packet-bssgp.c b/epan/dissectors/packet-bssgp.c index 2e085f372b..38013c4c6b 100644 --- a/epan/dissectors/packet-bssgp.c +++ b/epan/dissectors/packet-bssgp.c @@ -1309,6 +1309,7 @@ decode_mobile_identity(bssgp_ie_t *ie, build_info_t *bi, int ie_start_offset) { case BSSGP_MOBILE_IDENTITY_TYPE_IMEISV: num_digits = 1 + (ie->value_length - 1) * 2; if (odd_even != ODD ) num_digits--; + if (num_digits > MAX_NUM_IMSI_DIGITS) THROW(ReportedBoundsError); i = 0; digits[i] = get_masked_guint8(data, BSSGP_MASK_LEFT_OCTET_HALF); @@ -5377,7 +5378,14 @@ decode_pdu_ran_information(build_info_t *bi) { decode_pdu_general(ies, 7, bi); while (tvb_length_remaining(bi->tvb, bi->offset) >= 4) { + guint32 org_offset = bi->offset; + decode_ie(&ies[7], bi); + + /* prevent an endless loop */ + if(org_offset == bi->offset) { + THROW(ReportedBoundsError); + } } } |
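Review bot: In the IMEISV case of decode_mobile_identity the new bound is applied only after `num_digits = 1 + (ie->value_length - 1) * 2` has been computed from the packet-supplied length. If `num_digits` is a narrow unsigned type (its declaration is outside the hunk), a large `value_length` can wrap to a small count and pass the check with a digit count that no longer matches the IE. Validating the length before the arithmetic avoids that: `if (ie->value_length < 1 || ie->value_length > (MAX_NUM_IMSI_DIGITS + 1) / 2) THROW(ReportedBoundsError);`. It is also worth confirming that `MAX_NUM_IMSI_DIGITS` matches the declared size of `digits`, since an IMEISV carries 16 digits and would be reported as malformed if the IMSI limit is 15. The function body starts and ends outside this hunk.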
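Review bot: The no-progress guard in the `while` loop of decode_pdu_ran_information fires only when `bi->offset` is exactly unchanged, so a `decode_ie` call that left the offset lower than before would keep the loop running; `if (bi->offset <= org_offset) {` covers both cases. `org_offset` is declared `guint32` while the type of `bi->offset` is not visible here, so declaring it with the same type would avoid a possible signed/unsigned comparison. The comment could state the condition rather than the goal, e.g. `/* decode_ie() consumed nothing: stop instead of re-parsing the same bytes */`. Other loops in this file that call `decode_ie` until the buffer is exhausted, if any, would need the same guard; none are visible in this diff.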