From 10a49366653282f82effd53a6903e3f9ef54315a Mon Sep 17 00:00:00 2001
From: Jeff Morriss
Date: Tue, 29 Apr 2008 12:27:32 +0000
Subject: [PATCH] Move minimum byte count test from dissect_scsi_smc_element() up into the calling dissect_scsi_smc_elements() so we can break out of the loop if we're not advancing through the packet. This fixes the infinite loop reported in http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2508 svn path=/trunk/; revision=25193
---
epan/dissectors/packet-scsi-smc.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/epan/dissectors/packet-scsi-smc.c b/epan/dissectors/packet-scsi-smc.c
index 979ce0b516..74d2c50545 100644
--- a/epan/dissectors/packet-scsi-smc.c
+++ b/epan/dissectors/packet-scsi-smc.c
@@ -79,7 +79,7 @@ dissect_smc_exchangemedium (tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *t NULL }; - if (!tree) + if (!tree) return; if (isreq && iscdb) {
@@ -110,7 +110,7 @@ dissect_smc_position_to_element (tvbuff_t *tvb, packet_info *pinfo _U_, proto_tr NULL }; - if (!tree) + if (!tree) return; if (isreq && iscdb) {
@@ -134,7 +134,7 @@ dissect_smc_initialize_element_status (tvbuff_t *tvb, packet_info *pinfo _U_, pr { guint8 flags; - if (!tree) + if (!tree) return; if (isreq && iscdb) {
@@ -158,7 +158,7 @@ dissect_smc_initialize_element_status_with_range (tvbuff_t *tvb, packet_info *pi NULL }; - if (!tree) + if (!tree) return; if (isreq && iscdb) {
@@ -183,7 +183,7 @@ dissect_smc_openclose_importexport_element (tvbuff_t *tvb, packet_info *pinfo _U { guint8 flags; - if (!tree) + if (!tree) return; if (isreq && iscdb) {
@@ -290,8 +290,6 @@ dissect_scsi_smc_element (tvbuff_t *tvb, packet_info *pinfo _U_, guint8 flags; guint8 ident_len; - if (elem_bytecnt < 2) - return; proto_tree_add_text (tree, tvb, offset, 2, "Element Address: %u", tvb_get_ntohs (tvb, offset));
@@ -483,8 +481,13 @@ dissect_scsi_smc_elements (tvbuff_t *tvb, packet_info *pinfo, while (desc_bytecnt != 0) { elem_bytecnt = elem_desc_len; + if (elem_bytecnt > desc_bytecnt) elem_bytecnt = desc_bytecnt; + + if (elem_bytecnt < 2) + break; + dissect_scsi_smc_element (tvb, pinfo, tree, offset, elem_bytecnt, elem_type, voltag_flags); offset += elem_bytecnt;
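Review bot: The new `if (elem_bytecnt < 2) break;` inside `while (desc_bytecnt != 0)` is what keeps the loop from spinning when the clamped descriptor length is 0, yet nothing in the code says so, and a 0- or 1-byte descriptor now ends dissection with no trace in the tree. I would put a comment above it, `/* a descriptor shorter than the 2-byte element address cannot be dissected, and a zero length never advances offset; stop instead of looping (bug 2508) */`, and consider adding a tree item that marks the descriptor as too short so an analyst can see why the element list stops early. Because the earlier hunk at -290 removes the same test from dissect_scsi_smc_element(), that function now reads two bytes at `offset` with no length check of its own; a line at its top such as `/* caller guarantees elem_bytecnt >= 2 */` would record the precondition for any future caller. The tail of the loop, where desc_bytecnt is presumably decremented, lies outside this hunk.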