From 18afa39e524495151d35a903434ac46b40bcf13b Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Sat, 30 Jan 2016 22:38:40 +0100
Subject: [PATCH] MEGACO: fix dissection of packets

Bug introduced in g841f636

Bug: 12059
Change-Id: I02a33f95baf2670fb491c951ba85a1bacdeb6386
Reviewed-on: https://code.wireshark.org/review/13613
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
---
 epan/dissectors/packet-megaco.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/epan/dissectors/packet-megaco.c b/epan/dissectors/packet-megaco.c
index 93f05efa2d..6963b9e178 100644
--- a/epan/dissectors/packet-megaco.c
+++ b/epan/dissectors/packet-megaco.c
@@ -561,7 +561,7 @@ dissect_megaco_text(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* d
     gint        tvb_transaction_end_offset;
     proto_tree  *megaco_tree, *message_body_tree, *megaco_tree_command_line, *ti, *sub_ti;
 
-    guint8      word[7];
+    guint8      word[15];
     guint8      TermID[30];
     guint8      tempchar;
     gint        tvb_RBRKT, tvb_LBRKT,  RBRKT_counter, LBRKT_counter;
@@ -611,11 +611,18 @@ dissect_megaco_text(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* d
      */
     tvb_offset = megaco_tvb_skip_wsp(tvb, tvb_offset);
 
+    /* Quick fix for MEGACO not following the RFC, hopefully not breaking any thing
+     * Turned out to be TPKT in case of TCP, added some code to handle that.
+     *
+     * tvb_offset = tvb_find_guint8(tvb, tvb_offset, 5, 'M');
+     */
+    if(!tvb_get_nstringz0(tvb,tvb_offset,sizeof(word),word)) return tvb_captured_length(tvb);
+
     /* Quick fix for MEGACO packet with Authentication Header,
      * marked as "AU" or "Authentication".
      */
-    if (g_ascii_strncasecmp(word, "Authentication", 14) ||
-        g_ascii_strncasecmp(word, "AU", 2) ) {
+    if ((g_ascii_strncasecmp(word, "Authentication", 14) == 0) ||
+        (g_ascii_strncasecmp(word, "AU", 2) == 0)) {
         gint counter;
         guint8 next;
 
@@ -633,13 +640,6 @@ dissect_megaco_text(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* d
         }
     }
 
-    /* Quick fix for MEGACO not following the RFC, hopefully not breaking any thing
-     * Turned out to be TPKT in case of TCP, added some code to handle that.
-     *
-     * tvb_offset = tvb_find_guint8(tvb, tvb_offset, 5, 'M');
-     */
-    if(!tvb_get_nstringz0(tvb,tvb_offset,sizeof(word),word)) return tvb_captured_length(tvb);
-
     short_form = (tvb_get_guint8(tvb, tvb_offset ) == '!');
 
     if (g_ascii_strncasecmp(word, "MEGACO", 6) != 0 && !short_form){