osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Fix infinite loop in reallocation of memory for decryption buffer. 

svn path=/trunk/; revision=2688
This commit is contained in:
Gilbert Ramirez 2000-11-21 16:17:58 +00:00
parent 3faeb8e0e7
commit de9a50d3e7
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
packet-icq.c
View File

@ -1,7 +1,7 @@
/* packet-icq.c /* packet-icq.c
* Routines for ICQ packet disassembly * Routines for ICQ packet disassembly
* *
* $Id: packet-icq.c,v 1.23 2000/11/19 19:23:54 gerald Exp $ * $Id: packet-icq.c,v 1.24 2000/11/21 16:17:58 gram Exp $
* *
* Ethereal - Network traffic analyzer * Ethereal - Network traffic analyzer
* By Johan Feyaerts * By Johan Feyaerts
@ -2053,14 +2053,19 @@ dissect_icqv5Client(const u_char *pd,
guint32 key = -1; guint32 key = -1;
guint16 pktsize = -1; /* The size of the ICQ content */ guint16 pktsize = -1; /* The size of the ICQ content */
static u_char *decr_pd = NULL; /* Decrypted content */ static u_char *decr_pd = NULL; /* Decrypted content */
static int decr_size = 0; /* Size of decrypted-content buffer */
pktsize = END_OF_FRAME; pktsize = END_OF_FRAME;
if (decr_pd == NULL) if (decr_size == 0 ) {
decr_pd = (u_char *) g_malloc(sizeof (u_char) * 128); decr_size = sizeof(u_char) * 128;
decr_pd = g_malloc(decr_size);
while (sizeof(decr_pd) < pktsize + 3) }
decr_pd = (u_char *) g_realloc(decr_pd, sizeof (decr_pd) * 2);
while (decr_size < pktsize + 3) {
decr_size *= 2;
decr_pd = g_realloc(decr_pd, decr_size);
}
/* First copy the memory, we don't want to overwrite the old content */ /* First copy the memory, we don't want to overwrite the old content */
memcpy(decr_pd, &pd[offset], pktsize); memcpy(decr_pd, &pd[offset], pktsize);