Correct bug in heuristic so as to strengthen it a bit.

Specifically: a little research verifies that the correct
 heuristic is: Succeed if the byte at offset 0 is an STX *and* the
 bytes at offset 3/4 correspond to a valid OICQ command.
 The code was actually effectively doing an *or* and thus the
 heuristic was quite weak.

svn path=/trunk/; revision=27619

1 files changed, 6 insertions, 3 deletions

diff --git a/epan/dissectors/packet-oicq.c b/epan/dissectors/packet-oicq.c
index 12ed991471..e94a827b2e 100644
--- a/epan/dissectors/packet-oicq.c
+++ b/epan/dissectors/packet-oicq.c
@@ -120,9 +120,12 @@ dissect_oicq(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	proto_item	*ti;
 	int offset = 0;
 
-	/* Make sure this packet is for us */
-	if(match_strval(tvb_get_guint8(tvb, 0), oicq_flag_vals) == NULL &&
-	   match_strval(tvb_get_ntohs(tvb, 3), oicq_command_vals) == NULL)
+	/* Make sure this packet is for us.                                  */
+	/* heuristic: OICQ iff (([0] == STX) && ([3/4] == <valid_command>) ) */
+        /*  (Supposedly each OICQ message ends with an ETX so a test for     */
+        /*   same could also be part of the heuristic).                      */
+	if ( (match_strval(tvb_get_guint8(tvb, 0), oicq_flag_vals)    == NULL) ||
+	     (match_strval(tvb_get_ntohs(tvb, 3),  oicq_command_vals) == NULL) )
 		return 0;
 
 	if (check_col(pinfo->cinfo, COL_PROTOCOL))