author | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-09-18 01:10:02 +0000 |
---|---|---|
committer | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-09-18 01:10:02 +0000 |
commit | 4d9ef5f1cfe1be8d302afb4d49bebf521ec75578 (patch) | |
tree | 93b96db8ac0391a9177dcbad6589b1b4a7c3d7eb /packet-afp.c | |
parent | 18ba21fdc0e9765fd063bfa10813d4860ff64936 (diff) |
From Didier Gautheron: bail out in "loop_record()" if the size of the
structure to be dissected is 0.
Also, in "loop_record()":
Make the variable in which that size is stored a "guint" to
avoid overflows.
Free up the name string as soon as we're done with it, so that
we won't leak it if we throw an exception.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6301 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'packet-afp.c')
-rw-r--r-- | packet-afp.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/packet-afp.c b/packet-afp.c
index 4d8950e164..fb54aa3816 100644
--- a/packet-afp.c
+++ b/packet-afp.c
@@ -2,7 +2,7 @@
 * Routines for afp packet dissection
 * Copyright 2002, Didier Gautheron <dgautheron@magic.fr>
 *
- * $Id: packet-afp.c,v 1.21 2002/08/28 21:00:06 jmayer Exp $
+ * $Id: packet-afp.c,v 1.22 2002/09/18 01:10:02 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@@ -1566,14 +1566,15 @@ loop_record(tvbuff_t *tvb, proto_tree *ptree, gint offset,
 proto_item *item;
 gchar *name;
 guint8 flags;
- guint8 size;
+ guint size;
 gint org;
 int i;
 for (i = 0; i < count; i++) {
 org = offset;
- name = NULL;
 size = tvb_get_guint8(tvb, offset) +add;
+ if (!size)
+ return offset; /* packet is malformed */
 flags = tvb_get_guint8(tvb, offset +1);
 if (ptree) {
@@ -1590,6 +1591,7 @@ loop_record(tvbuff_t *tvb, proto_tree *ptree, gint offset,
 }
 item = proto_tree_add_text(ptree, tvb, offset, size, name);
 tree = proto_item_add_subtree(item, ett_afp_enumerate_line);
+ g_free((gpointer)name);
 }
 proto_tree_add_item(tree, hf_afp_struct_size, tvb, offset, 1,FALSE);
 offset++;
@@ -1605,8 +1607,6 @@ loop_record(tvbuff_t *tvb, proto_tree *ptree, gint offset,
 if ((offset & 1))
 PAD(1);
 offset = org +size; /* play safe */
- if (ptree)
- g_free((gpointer)name);
 }
 return offset;
 } |
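Review bot: The new guard `if (!size) return offset;` rejects only a zero size, yet the next line already reads the flags byte at `offset +1`, so a record whose computed size is 1 is still dissected past its declared end before `offset = org +size` pulls the offset back. If no valid record can be that short, `if (size < 2) return offset; /* packet is malformed */` would cover both cases. The value of `add` and the rest of the loop body are outside this hunk, so the real minimum should be confirmed there. The early return also leaves no trace in the tree, so a comment such as `/* zero size would make every iteration re-read the same bytes; stop without marking the tree */` would record why it is silent.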
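Review bot: `name` is passed to `proto_tree_add_text()` in the format-string position on the line two above the new `g_free()`. If it is built from file or directory names carried in the packet (its assignment is outside this hunk), a `%` in such a name would be interpreted as a conversion specifier. Passing it as an argument avoids that: `item = proto_tree_add_text(ptree, tvb, offset, size, "%s", name);`. Separately, with `name = NULL;` removed in the earlier hunk, the `g_free()` here relies on the unseen code above always assigning `name` when `ptree` is set, which deserves a one-line comment at the declaration.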