From e4aa7be94943369c7f8119d7f15135d3f07b56df Mon Sep 17 00:00:00 2001
From: Kenneth Soerensen
Date: Thu, 15 Sep 2016 20:46:37 +0200
Subject: [PATCH] ZigBee: Fix reassembly of APS fragments.

The unsigned variable num_blocks was initialized to -1. Which caused the dissector to set the total length to 4294967295 fragments when the second fragment was processed. This made the dissector unable to reassemble data made of more than two fragments.

Change-Id: I120af090ed29ac73a1fa699bea2bfc91798ef92b
Reviewed-on: https://code.wireshark.org/review/17712
Petri-Dish: Anders Broman
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman
---
 epan/dissectors/packet-zbee-aps.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/epan/dissectors/packet-zbee-aps.c b/epan/dissectors/packet-zbee-aps.c
index 5851ab105f..96522deb4b 100644
--- a/epan/dissectors/packet-zbee-aps.c
+++ b/epan/dissectors/packet-zbee-aps.c
@@ -999,7 +999,7 @@ dissect_zbee_aps_no_endpt:
 if ((payload_tvb) && (packet.fragmentation != ZBEE_APS_EXT_FCF_FRAGMENT_NONE)) {
 guint32 msg_id;
 guint32 block_num;
- guint32 num_blocks = -1;
+ guint32 num_blocks;
 fragment_head *frag_msg = NULL;
 tvbuff_t *new_tvb;
 
@@ -1022,6 +1022,7 @@ dissect_zbee_aps_no_endpt:
 }
 else {
 block_num = packet.block_number;
+ num_blocks = 0;
 }
 
 /* Add this fragment to the reassembly handler. */
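Review bot: With the initializer removed from `guint32 num_blocks;` in the first hunk, the variable has a defined value only on paths that assign it before use. The second hunk assigns it in the `else` branch, but the branch before that `else` lies between the two hunks and is not shown, so this is safe only if that branch assigns it as well. I would keep a defined value at the declaration, `guint32 num_blocks = 0;`, so that a branch added later cannot leave it indeterminate in code that parses captured, untrusted frames. The enclosing block starts and ends outside the hunk.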
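Review bot: The new `num_blocks = 0;` in the `else` branch of the second hunk has no comment saying what zero means, and the code that consumes the value is outside the hunk. Going by the commit message, zero presumably stands for "this fragment does not carry the total", so that the total length is left unset. If that reading is right, a comment such as `/* 0: total not carried by this fragment; total length is left unset */` would record it. It is also worth confirming that the first-fragment branch (not shown) cannot reach the same 4294967295 value through unsigned wrap-around, should it derive the count from a block number of zero in the packet.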