From fa02d66c12a6df4d0cf676ffcb5575e04eef4302 Mon Sep 17 00:00:00 2001 From: stig Date: Fri, 30 Nov 2007 16:01:08 +0000 Subject: From Florent DROUIN: I just add a test for the index, to check we are in the element table. This fixes bug 2051. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@23688 f5534014-38df-0310-8fa8-9805f1628bb7 --- epan/dissectors/packet-ansi_a.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'epan/dissectors/packet-ansi_a.c') diff --git a/epan/dissectors/packet-ansi_a.c b/epan/dissectors/packet-ansi_a.c index 3804f8596b..cac0c9f7bf 100644 --- a/epan/dissectors/packet-ansi_a.c +++ b/epan/dissectors/packet-ansi_a.c @@ -8063,6 +8063,11 @@ elem_tlv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, guint curr_offset = offset; consumed = 0; + if ( 0 < idx || idx > ANSI_A_E_NONE) { + /* Unknown index, skip the element */ + return tvb_length_remaining(tvb, offset) ; + } + oct = tvb_get_guint8(tvb, curr_offset); if (oct == (guint8) ansi_a_elem_1_strings[idx].value) @@ -8140,6 +8145,11 @@ elem_tv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, const g curr_offset = offset; consumed = 0; + if ( 0 < idx || idx > ANSI_A_E_NONE) { + /* Unknown index, skip the element */ + return tvb_length_remaining(tvb, offset) ; + } + oct = tvb_get_guint8(tvb, curr_offset); if (oct == (guint8) ansi_a_elem_1_strings[idx].value) @@ -8208,6 +8218,11 @@ elem_t(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, const gc curr_offset = offset; consumed = 0; + if ( 0 < idx || idx > ANSI_A_E_NONE) { + /* Unknown index, skip the element */ + return tvb_length_remaining(tvb, offset) ; + } + oct = tvb_get_guint8(tvb, curr_offset); if (oct == (guint8) ansi_a_elem_1_strings[idx].value) @@ -8239,7 +8254,12 @@ elem_lv(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset, guint l curr_offset = offset; consumed = 0; - + + if ( 0 < idx || idx > ANSI_A_E_NONE) { + /* Unknown index, skip the element */ + return tvb_length_remaining(tvb, offset) ; + } + dec_idx = ansi_a_elem_1_strings[idx].dec_index; parm_len = tvb_get_guint8(tvb, curr_offset); @@ -8302,6 +8322,11 @@ elem_v(tvbuff_t *tvb, proto_tree *tree, elem_idx_t idx, guint32 offset) curr_offset = offset; consumed = 0; + if ( 0 < idx || idx > ANSI_A_E_NONE) { + /* Unknown index, skip the element */ + return tvb_length_remaining(tvb, offset) ; + } + dec_idx = ansi_a_elem_1_strings[idx].dec_index; if (elem_1_fcn[dec_idx] == NULL) -- cgit v1.2.3