aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors/packet-ltp.c
diff options
context:
space:
mode:
authorChris Maynard <Christopher.Maynard@GTECH.COM>2010-12-28 18:02:24 +0000
committerChris Maynard <Christopher.Maynard@GTECH.COM>2010-12-28 18:02:24 +0000
commitf18068e9ef6209f59f0aa0a23537a9da97cb277c (patch)
tree7b14d0d964d3e173c17294e30a11abb752abff02 /epan/dissectors/packet-ltp.c
parent735709bee6e62b4e283ebeff791b40e24e2c32b5 (diff)
Improve sanity checking of reception claim count. Fixes bug 5521.
svn path=/trunk/; revision=35287
Diffstat (limited to 'epan/dissectors/packet-ltp.c')
-rw-r--r--epan/dissectors/packet-ltp.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/epan/dissectors/packet-ltp.c b/epan/dissectors/packet-ltp.c
index 08b192c264..1fd47bb065 100644
--- a/epan/dissectors/packet-ltp.c
+++ b/epan/dissectors/packet-ltp.c
@@ -431,14 +431,14 @@ dissect_report_segment(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ltp_tree,
}
rcpt_clm_cnt = evaluate_sdnv(tvb,frame_offset + segment_offset, &rcpt_clm_cnt_size);
- if (rcpt_clm_cnt < 0){
- expert_add_info_format(pinfo, ltp_tree, PI_UNDECODED, PI_ERROR, "Negative reception claim count: %d", rcpt_clm_cnt);
- return 0;
- }
segment_offset += rcpt_clm_cnt_size;
if((unsigned)(frame_offset + segment_offset) > tvb_length(tvb)){
return 0;
}
+ if ((rcpt_clm_cnt < 0) || (rcpt_clm_cnt > (tvb_reported_length_remaining(tvb, frame_offset + segment_offset) / 2))){
+ expert_add_info_format(pinfo, ltp_tree, PI_UNDECODED, PI_ERROR, "Non-sensical reception claim count: %d", rcpt_clm_cnt);
+ return 0;
+ }
offset = ep_alloc(sizeof(guint64) * rcpt_clm_cnt);
offset_size = ep_alloc(sizeof(int) * rcpt_clm_cnt);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-22 08:24:34 +0000