https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6687
Martin Kaiser <wireshark@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wireshark@xxxxxxxxx
--- Comment #1 from Martin Kaiser <wireshark@xxxxxxxxx> 2011-12-29 10:25:47 PST ---
I've had a quick look though I'm not really familiar with that protocol.
The problem is in dissect_packetbb(), offset remains 1 in the while loop.
In dissect_pbb_message(), header, tlvblock and (optional) address blocks are
dissected. After the header, offset is already larger than the entire message.
dissect_pbb_tlvblock() tries to correct this by setting offset to 1 :-(
My understanding is that a tlvblock is mandatory
http://tools.ietf.org/html/rfc5444#section-5.2
When there's an overflow before the tlvblock, dissect_pbb_tlvblock() should not
be called.
The attached patch corrects this.
Best regards,
Martin
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
