author | Guy Harris <guy@alum.mit.edu> | 2012-04-13 03:34:18 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2012-04-13 03:34:18 +0000 |
commit | bdda4a44989170a61145d393dc018e5e0e517fea (patch) | |
tree | 9adfdffbfa171c3c7f1d303bb0bd489b432fa00b /epan/dissectors/packet-irc.c | |
parent | ee13854e77e61f9c5acf2aded8ee84358adfe171 (diff) |
When skipping white space, don't skip past the end of the line.
This *might* fix bug 7070, but I can't reproduce that bug on my machine
- I'm guessing from the "out of CPU time" that there's an infinite loop
somewhere, but I'm not seeing it. In any case, these tests *are*
necessary.
svn path=/trunk/; revision=42040
Diffstat (limited to 'epan/dissectors/packet-irc.c')
-rw-r--r-- | epan/dissectors/packet-irc.c | 46 |
1 files changed, 38 insertions, 8 deletions
diff --git a/epan/dissectors/packet-irc.c b/epan/dissectors/packet-irc.c
index c86ee80edc..00883d449b 100644
--- a/epan/dissectors/packet-irc.c
+++ b/epan/dissectors/packet-irc.c
@@ -113,6 +113,7 @@ dissect_irc_request(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int off
 proto_tree *request_tree, *command_tree = NULL;
 proto_item *request_item, *command_item;
 int start_offset = offset;
+ int end_offset = start_offset+linelen;
 gint eop_offset = -1,
 eoc_offset = -1,
 eocp_offset,
@@ -145,10 +146,15 @@ dissect_irc_request(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int off
 }
 /* clear out any whitespace before command */
- while(tvb_get_guint8(tvb, offset) == ' ')
+ while(offset < end_offset && tvb_get_guint8(tvb, offset) == ' ')
 {
 offset++;
 }
+ if (offset == end_offset)
+ {
+ expert_add_info_format(pinfo, request_item, PI_MALFORMED, PI_ERROR, "Request has no command");
+ return;
+ }
 eoc_offset = tvb_pbrk_guint8(tvb, offset, linelen-offset, (const guint8 *)" ", &found_needle);
 if (eoc_offset == -1)
@@ -184,10 +190,15 @@ dissect_irc_request(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int off
 offset = eoc_offset+1;
 /* clear out any whitespace before command parameter */
- while(tvb_get_guint8(tvb, offset) == ' ')
+ while(offset < end_offset && tvb_get_guint8(tvb, offset) == ' ')
 {
 offset++;
 }
+ if (offset == end_offset)
+ {
+ /* No command parameters */
+ return;
+ }
 /* Check if message has a trailer */
 if (tvb_get_guint8(tvb, offset) == ':')
@@ -197,7 +208,7 @@ dissect_irc_request(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int off
 return;
 }
- while(offset < start_offset+linelen)
+ while(offset < end_offset)
 {
 eocp_offset = tvb_pbrk_guint8(tvb, offset, linelen-offset, (const guint8 *)" ", &found_needle);
 tag_start_offset = tvb_pbrk_guint8(tvb, offset, linelen-offset, TAG_DELIMITER, &found_tag_needle);
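Review bot: The `tvb_pbrk_guint8(tvb, offset, linelen-offset, ...)` call kept as context at the end of the -145/+146 hunk still bounds its search with `linelen-offset`, although `offset` is an absolute tvb offset (`start_offset` is initialised from it and `end_offset = start_offset+linelen`). Whenever the line does not start at offset 0 that length is too small or negative, so the delimiter search is not confined to the current line; how `tvb_pbrk_guint8` treats a negative maximum length is not visible here and should be confirmed. Now that `end_offset` exists the bound should be `end_offset-offset`, e.g. `eoc_offset = tvb_pbrk_guint8(tvb, offset, end_offset-offset, (const guint8 *)" ", &found_needle);`. The same expression appears in the -197/+208 hunk and in the -298/+314 and -354/+380 hunks of dissect_irc_response; the function bodies extend beyond these hunks.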
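Review bot: The new end-of-line test `if (offset == end_offset)` in the -184/+190 hunk only catches an exact match, while `offset` was just assigned `eoc_offset+1` from a search result and nothing visible guarantees it is not already past `end_offset`. In that case the bounded loop is skipped, the test is false, and the following `tvb_get_guint8(tvb, offset) == ':'` reads beyond the line in attacker-supplied capture data. Using `if (offset >= end_offset)` makes the guard hold for every value; the same applies to the other five `== end_offset` checks this commit adds in both functions.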
@@ -227,10 +238,14 @@ dissect_irc_request(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int off
 offset = eocp_offset+1;
 /* clear out any whitespace before next command parameter */
- while(tvb_get_guint8(tvb, offset) == ' ')
+ while(offset < end_offset && tvb_get_guint8(tvb, offset) == ' ')
 {
 offset++;
 }
+ if (offset == end_offset)
+ {
+ break;
+ }
 /* Check if message has a trailer */
 if (tvb_get_guint8(tvb, offset) == ':')
@@ -265,6 +280,7 @@ dissect_irc_response(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int of
 proto_tree *response_tree, *command_tree = NULL;
 proto_item *response_item, *command_item, *hidden_item;
 int start_offset = offset;
+ int end_offset = start_offset+linelen;
 gint eop_offset = -1,
 eoc_offset = -1,
 eocp_offset,
@@ -298,10 +314,15 @@ dissect_irc_response(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int of
 }
 /* clear out any whitespace before command */
- while(tvb_get_guint8(tvb, offset) == ' ')
+ while(offset < end_offset && tvb_get_guint8(tvb, offset) == ' ')
 {
 offset++;
 }
+ if (offset == end_offset)
+ {
+ expert_add_info_format(pinfo, response_item, PI_MALFORMED, PI_ERROR, "Response has no command");
+ return;
+ }
 eoc_offset = tvb_pbrk_guint8(tvb, offset, linelen-offset, (const guint8 *)" ", &found_needle);
 if (eoc_offset == -1)
@@ -341,10 +362,15 @@ dissect_irc_response(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int of
 offset = eoc_offset+1;
 /* clear out any whitespace before command parameter */
- while(tvb_get_guint8(tvb, offset) == ' ')
+ while(offset < end_offset && tvb_get_guint8(tvb, offset) == ' ')
 {
 offset++;
 }
+ if (offset == end_offset)
+ {
+ /* No command parameters */
+ return;
+ }
 /* Check if message has a trailer */
 if (tvb_get_guint8(tvb, offset) == ':')
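Review bot: The bounded skip-spaces loop is now written out six times across dissect_irc_request and dissect_irc_response (the -227/+238 hunk holds the third copy), so any later change to the bound has to be repeated in every copy and a missed one reintroduces the over-read. A small file-local helper would keep the bounds check in one place; each call site then becomes `offset = irc_skip_spaces(tvb, offset, end_offset);` followed by the existing end-of-line test. The helper name is only a suggestion, and it would sit above both dissect functions, which lie outside these hunks.

```c
/* Return the first offset at or after 'offset' that is not a space,
 * never reading at or beyond end_offset (one past the line's last byte). */
static int
irc_skip_spaces(tvbuff_t *tvb, int offset, int end_offset)
{
    while (offset < end_offset && tvb_get_guint8(tvb, offset) == ' ')
    {
        offset++;
    }
    return offset;
}
```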
@@ -354,7 +380,7 @@ dissect_irc_response(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int of
 return;
 }
- while(offset < start_offset+linelen)
+ while(offset < end_offset)
 {
 eocp_offset = tvb_pbrk_guint8(tvb, offset, linelen-offset, (const guint8 *)" ", &found_needle);
 tag_start_offset = tvb_pbrk_guint8(tvb, offset, linelen-offset, TAG_DELIMITER, &found_tag_needle);
@@ -384,10 +410,14 @@ dissect_irc_response(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int of
 offset = eocp_offset+1;
 /* clear out any whitespace before next command parameter */
- while(tvb_get_guint8(tvb, offset) == ' ')
+ while(offset < end_offset && tvb_get_guint8(tvb, offset) == ' ')
 {
 offset++;
 }
+ if (offset == end_offset)
+ {
+ break;
+ }
 /* Check if message has a trailer */
 if (tvb_get_guint8(tvb, offset) == ':')
|