If you have a loop that iterates over packet contents, you absolutely

must not just do a "continue" if the offset into the packet has not been advanced, as you will get an infinite loop if you do. svn path=/trunk/; revision=38383
2011-08-07 08:26:29 +00:00 · 2011-08-07 08:26:29 +00:00 · d4c6d19cd3
parent 5a885f1a91
commit d4c6d19cd3
1 changed files with 19 additions and 6 deletions
--- a/epan/dissectors/packet-opensafety.c
+++ b/epan/dissectors/packet-opensafety.c
@ -1267,7 +1267,7 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
    {
        if ( findSafetyFrame(bytes, length - frameOffset, frameOffset, &frameOffset, &frameLength) )
        {
-        	if ((frameOffset + frameLength) > (guint)reported_len )
+            if ((frameOffset + frameLength) > (guint)reported_len )
                break;
            found++;

@ -1328,10 +1328,19 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
                        type = OPENSAFETY_SPDO_MESSAGE_TYPE;
                    else if ( ( OSS_FRAME_ID(bytesOffset, frameStart1) & OPENSAFETY_SNMT_MESSAGE_TYPE ) == OPENSAFETY_SNMT_MESSAGE_TYPE )
                        type = OPENSAFETY_SNMT_MESSAGE_TYPE;
-                    else
-                    	continue;
-                } else
+                    else {
+                    	/* Skip this frame.  We cannot continue without
+                    	   advancing frameOffset - just doing a continue
+                    	   will result in an infinite loop. */
+                        frameOffset += frameLength;
+                        continue;
+                    }
+                } else {
+                    /* As stated above, you cannot just continue
+                       without advancing frameOffset. */
+                    frameOffset += frameLength;
                    continue;
+                }
            }

            /* If both frame starts are equal, something went wrong */
@ -1342,8 +1351,12 @@ opensafety_package_dissector(const gchar * protocolName, const gchar * sub_diss_
            if ( type == OPENSAFETY_SPDO_MESSAGE_TYPE )
            {
            	address = OSS_FRAME_ADDR(bytesOffset, frameStart1);
-            	if ( address > 1024 )
-            		continue;
+            	if ( address > 1024 ) {
+                    /* As stated above, you cannot just continue
+                       without advancing frameOffset. */
+                    frameOffset += frameLength;
+                    continue;
+                }
            }

            /* If this package is not valid, the next step, which normally occurs in unxorFrame will lead to a