Don't try to reassemble a huge number of fragments.

svn path=/trunk/; revision=23463

2 files changed, 17 insertions, 0 deletions

diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml
index 581222ede0..c8b8312396 100644
--- a/docbook/release-notes.xml
+++ b/docbook/release-notes.xml
@@ -130,6 +130,18 @@ Wireshark Info
           </para>
         </listitem>
 
+        <listitem>
+          <para>
+            The DCP ETSI dissector could enter a large loop and consume
+            system resources.
+            <!-- Fixed in r23463 -->
+          </para>
+          <para>Versions affected: 0.99.6</para>
+          <para>
+            <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+          </para>
+        </listitem>
+
         <!-- iSeries -->
         <!-- rtsp? -->
       </itemizedlist>
diff --git a/epan/dissectors/packet-dcp-etsi.c b/epan/dissectors/packet-dcp-etsi.c
index 34d3433c92..2556e5f24f 100644
--- a/epan/dissectors/packet-dcp-etsi.c
+++ b/epan/dissectors/packet-dcp-etsi.c
@@ -290,6 +290,11 @@ dissect_pft_fec_detailed(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
 	  current_findex = 0;
       for(i=0; i<fragments; i++) {
 	    guint next_fragment_we_have = got[i];
+            if (next_fragment_we_have > MAX_FRAGMENTS) {
+              if (tree)
+                proto_tree_add_text(tree, tvb , 0, -1, "[Reassembly of %d fragments not attempted]", next_fragment_we_have);
+                return NULL;
+            }
         for(; current_findex<next_fragment_we_have; current_findex++) {
           frag = fragment_add_seq_check (dummytvb, 0, pinfo, seq,
             dcp_fragment_table, dcp_reassembled_table, current_findex, plen, (current_findex+1!=fcount));