thread: Fix division by zero

Perform sanity check on channel count. Channel count must be greater than zero
to build energy measurements list from Energy List TLV [1]. Zero channel count
results in a division by zero in dissect_thread_mc. Do not process Energy List
TLV if zero.

[1]: OpenThread implementation -
https://github.com/openthread/openthread/blob/b89a9dfbc117a9c80e795700b67/include/openthread/commissioner.h#L158
Energy List TLV contains energy measurements. If no channels are present, no
energy measurements can exist.

Bug: 13747
Change-Id: I53a19dfbeae9ef0421c8c144ef3be4da28413ad3
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1979
Reviewed-on: https://code.wireshark.org/review/21878
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

1 files changed, 1 insertions, 1 deletions

diff --git a/epan/dissectors/packet-thread.c b/epan/dissectors/packet-thread.c
index 835810c2ae..4b5a8abaa8 100644
--- a/epan/dissectors/packet-thread.c
+++ b/epan/dissectors/packet-thread.c
@@ -1821,7 +1821,7 @@ dissect_thread_mc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat
                     proto_tree *it_tree;
                     int i;
 
-                    if ((chancount != THREAD_MC_INVALID_CHAN_COUNT) && ((tlv_len % chancount) == 0)) {
+                    if ((chancount != THREAD_MC_INVALID_CHAN_COUNT) && (chancount != 0) && ((tlv_len % chancount) == 0)) {
                         /* Go through the number of el_counts of scan */
                         for (i = 0; i < (int)(tlv_len / (guint16)chancount); i++) {
                             pi = proto_tree_add_item(tlv_tree, hf_thread_mc_tlv_el_count, tvb, offset, 1, ENC_NA);