Fix infinite loop in reallocation of memory for decryption buffer.
svn path=/trunk/; revision=2688
This commit is contained in:
parent
3faeb8e0e7
commit
de9a50d3e7
17
packet-icq.c
17
packet-icq.c
|
@ -1,7 +1,7 @@
|
||||||
/* packet-icq.c
|
/* packet-icq.c
|
||||||
* Routines for ICQ packet disassembly
|
* Routines for ICQ packet disassembly
|
||||||
*
|
*
|
||||||
* $Id: packet-icq.c,v 1.23 2000/11/19 19:23:54 gerald Exp $
|
* $Id: packet-icq.c,v 1.24 2000/11/21 16:17:58 gram Exp $
|
||||||
*
|
*
|
||||||
* Ethereal - Network traffic analyzer
|
* Ethereal - Network traffic analyzer
|
||||||
* By Johan Feyaerts
|
* By Johan Feyaerts
|
||||||
|
@ -2053,14 +2053,19 @@ dissect_icqv5Client(const u_char *pd,
|
||||||
guint32 key = -1;
|
guint32 key = -1;
|
||||||
guint16 pktsize = -1; /* The size of the ICQ content */
|
guint16 pktsize = -1; /* The size of the ICQ content */
|
||||||
static u_char *decr_pd = NULL; /* Decrypted content */
|
static u_char *decr_pd = NULL; /* Decrypted content */
|
||||||
|
static int decr_size = 0; /* Size of decrypted-content buffer */
|
||||||
|
|
||||||
pktsize = END_OF_FRAME;
|
pktsize = END_OF_FRAME;
|
||||||
|
|
||||||
if (decr_pd == NULL)
|
if (decr_size == 0 ) {
|
||||||
decr_pd = (u_char *) g_malloc(sizeof (u_char) * 128);
|
decr_size = sizeof(u_char) * 128;
|
||||||
|
decr_pd = g_malloc(decr_size);
|
||||||
while (sizeof(decr_pd) < pktsize + 3)
|
}
|
||||||
decr_pd = (u_char *) g_realloc(decr_pd, sizeof (decr_pd) * 2);
|
|
||||||
|
while (decr_size < pktsize + 3) {
|
||||||
|
decr_size *= 2;
|
||||||
|
decr_pd = g_realloc(decr_pd, decr_size);
|
||||||
|
}
|
||||||
|
|
||||||
/* First copy the memory, we don't want to overwrite the old content */
|
/* First copy the memory, we don't want to overwrite the old content */
|
||||||
memcpy(decr_pd, &pd[offset], pktsize);
|
memcpy(decr_pd, &pd[offset], pktsize);
|
||||||
|
|
Loading…
Reference in New Issue