diff options
author | Evan Huus <evan.huus@jadedpixel.com> | 2014-06-19 19:06:59 +0000 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2014-06-19 19:08:33 +0000 |
commit | 1dfe213590baca21f4a00dacb2f726a35bc13588 (patch) | |
tree | 0dfc988d3adb6a5e6461cd6a0fccd468c7b016a6 | |
parent | 7e92d04ec5b1b16b4e30ace72093e3e7783ecfce (diff) | |
download | wireshark-1dfe213590baca21f4a00dacb2f726a35bc13588.tar.gz |
Fix underflow causing infinite loop in openflow dissector
Bug:10208
Change-Id: I8aff9523fd33cf9e0802153100ea032139966b26
Reviewed-on: https://code.wireshark.org/review/2440
Reviewed-by: Evan Huus <eapache@gmail.com>
(cherry picked from commit 592c3673c63561c5126885933e64d734e0572769)
Reviewed-on: https://code.wireshark.org/review/2441
-rw-r--r-- | epan/dissectors/packet-openflow_v5.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/epan/dissectors/packet-openflow_v5.c b/epan/dissectors/packet-openflow_v5.c index 410d95c82d..1a8c6609a6 100644 --- a/epan/dissectors/packet-openflow_v5.c +++ b/epan/dissectors/packet-openflow_v5.c @@ -1455,17 +1455,22 @@ dissect_openflow_hello_element_v5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_t proto_tree_add_item(elem_tree, hf_openflow_v5_hello_element_length, tvb, offset, 2, ENC_BIG_ENDIAN); offset+=2; + if (elem_length >= 4) { + elem_length -= 4; + /* Otherwise expert info? */ + } + switch (elem_type) { case OFPHET_VERSIONBITMAP: /* bitmap */ - proto_tree_add_item(elem_tree, hf_openflow_v5_hello_element_version_bitmap, tvb, offset, elem_length - 4, ENC_NA); - offset += elem_length - 4; + proto_tree_add_item(elem_tree, hf_openflow_v5_hello_element_version_bitmap, tvb, offset, elem_length, ENC_NA); + offset += elem_length; break; default: proto_tree_add_expert_format(tree, pinfo, &ei_openflow_v5_hello_element_undecoded, - tvb, offset, elem_length - 4, "Unknown hello element body."); - offset += elem_length - 4; + tvb, offset, elem_length, "Unknown hello element body."); + offset += elem_length; break; } |