osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

ber: fix buffer overrun when handling empty sets 

When a set is empty, only a terminator (ber_sequence_t with NULL func)
is present. In that case, do not try to find more values as that will
never succeed.

Bug: 12106
Change-Id: I26cd4ba84a9580e92d5921592a27c2af17c0bebf
Reviewed-on: https://code.wireshark.org/review/14028
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit is contained in:
Peter Wu 2016-02-20 15:06:50 +01:00
parent c31425f9ae
commit 55b5b7caf3
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
epan/dissectors/packet-ber.c
View File

@ -2594,6 +2594,10 @@ printf("SET dissect_ber_set(%s) entered\n", name);
cset = set; /* reset to the beginning */
set_idx = 0;
/* If the set has no values, there is no point in trying again. */
if (!cset->func) {
break;
}
}
if ((first_pass && ((cset->ber_class == ber_class) && (cset->tag == tag))) ||