MIPv6: Mobility Option Mobile Node Link Layer Identifier Link-layer Identifier field is read beyond the option data

there's a single IPv6 packet with Mobile Node Link Layer Identifier mobility option. The option's data length is 9 but and since the Reserved field takes 2 bytes, the Link Layer Identifier field should take 7 bytes. However, the Link Layer Identifier field is read until the end of the packet, which is 519 bytes. Bug:10578 Change-Id: I518de7f6b75e5b749cb029845fd4846954ca6d0e Reviewed-on: https://code.wireshark.org/review/4818 Reviewed-by: Michael Mann <mmann78@netscape.net>
author: Alexis La Goutte <alexis.lagoutte@gmail.com> 2014-10-18 16:55:46 +0200
committer: Michael Mann <mmann78@netscape.net> 2014-10-18 17:16:31 +0000
commit: 51f496220322ac518d9485afe030d0568fdae080 (patch)
tree: a15a48863389133bf995d394cc63dbe4aab08c86 /epan/dissectors/packet-mip6.c
parent: 8a10f77ab4d7722efc95170771540eb93b2c2f16 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-mip6.c b/epan/dissectors/packet-mip6.c
index b776675d0e..8cc9c2dd46 100644
--- a/epan/dissectors/packet-mip6.c
+++ b/epan/dissectors/packet-mip6.c
@@ -2371,7 +2371,7 @@ dissect_pmip6_opt_mnlli(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
 
     proto_tree_add_item(opt_tree, hf_mip6_opt_mnlli_reserved, tvb, offset, 2, ENC_BIG_ENDIAN);
     offset += 2;
-    proto_tree_add_item(opt_tree, hf_mip6_opt_mnlli_lli, tvb, offset, -1, ENC_NA);
+    proto_tree_add_item(opt_tree, hf_mip6_opt_mnlli_lli, tvb, offset, optlen-2-2, ENC_NA);
 
 }
author	Alexis La Goutte <alexis.lagoutte@gmail.com>	2014-10-18 16:55:46 +0200
committer	Michael Mann <mmann78@netscape.net>	2014-10-18 17:16:31 +0000
commit	51f496220322ac518d9485afe030d0568fdae080 (patch)
tree	a15a48863389133bf995d394cc63dbe4aab08c86 /epan/dissectors/packet-mip6.c
parent	8a10f77ab4d7722efc95170771540eb93b2c2f16 (diff)