Wireshark-commits: [Wireshark-commits] master-1.12 9069d7b: hip: fix infinite loop in dissect_hip_t
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Wed, 13 Aug 2014 02:49:23 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9069d7b74aee0ea950a833ac2c41ee955b0e85a4
Submitter: Evan Huus (eapache@xxxxxxxxx)
Changed: branch: master-1.12
Repository: wireshark

Commits:

9069d7b by Evan Huus (eapache@xxxxxxxxx):

    hip: fix infinite loop in dissect_hip_tlv
    
    We can't use tree_item == NULL to determine which branch of the previous if was
    hit, since proto_tree_add_item can return NULL when run without tree, which was
    leading to an infinite loop since we were never advancing the offset. Use the
    actual locator_type instead.
    
    Introduced by either g3635d7bed70 or gebff85fdbb although neither of them
    directly touch this code path. I'm guessing that g3635d7bed70 removed an if (tree)
    guard in some calling function which would have prevented this, but I haven't
    checked. The bug would still have been there before, it just wouldn't have been
    hit because it's only present with a NULL tree. Somebody more familiar with the
    protocol should probably go over a capture or two and make sure this isn't a
    symptom of some other decoding gone awry in the recent changes.
    
    Change-Id: Ie1ce89b16ef667b437c0d99c25e3f3cb2504347d
    Reviewed-on: https://code.wireshark.org/review/3564
    Reviewed-by: Evan Huus <eapache@xxxxxxxxx>
    (cherry picked from commit d9e5021fe79973d00ddd8fcef0bbefbaae63dd0f)
    Reviewed-on: https://code.wireshark.org/review/3567
    

Actions performed:

    from  afce994   When checking if a message is Diameter also check for a minimum message length.
    adds  9069d7b   hip: fix infinite loop in dissect_hip_tlv


Summary of changes:
 epan/dissectors/packet-hip.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
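
The failure mode described in the commit message, as an added example that is not code from packet-hip.c or from the Wireshark project: a simplified model of a record loop whose advance step is gated on the returned item rather than on the record type. The names `add_item`, `payload_len`, `walk`, `WATCHDOG` and the record format are hypothetical; the only property borrowed from the page is that the item-adding call can return NULL when there is no tree.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins, not Wireshark's API. add_item() models only the
 * property the commit message relies on: it returns NULL when tree is NULL. */
typedef struct { int unused; } item_t;
static item_t g_item;
static item_t *add_item(void *tree) { return tree ? &g_item : NULL; }

/* Constructed record format: 1 type byte, then 4 (type 0) or 8 (type 1)
 * payload bytes. Any other type is unknown. */
static int payload_len(unsigned char type) { return type == 0 ? 4 : type == 1 ? 8 : -1; }

#define WATCHDOG 1000 /* demo-only bound so the stall is observable */

/* Walks the records; returns bytes consumed, or -1 if the loop stalled.
 * by_type == 0: advance decided by item != NULL (the pattern being fixed).
 * by_type == 1: advance decided by the record type itself. */
static long walk(const unsigned char *buf, size_t len, void *tree, int by_type)
{
    size_t off = 0;
    for (int iter = 0; off < len; iter++) {
        if (iter >= WATCHDOG) return -1;
        int plen = payload_len(buf[off]);
        item_t *item = NULL;
        if (plen >= 0 && off + 1 + (size_t)plen <= len)
            item = add_item(tree);
        else
            break; /* unknown type or truncated record: stop parsing */
        if (by_type ? plen >= 0 : item != NULL)
            off += 1 + (size_t)plen;
        /* by_type == 0 with tree == NULL: item is NULL, so off never moves */
    }
    return (long)off;
}

/* Constructed sample: one type-0 record followed by one type-1 record. */
static const unsigned char SAMPLE[14] = { 0, 1,2,3,4, 1, 1,2,3,4,5,6,7,8 };

int main(void)
{
    printf("item check, with tree: %ld\n", walk(SAMPLE, sizeof SAMPLE, &g_item, 0));
    printf("item check, no tree:   %ld\n", walk(SAMPLE, sizeof SAMPLE, NULL, 0));
    printf("type check, no tree:   %ld\n", walk(SAMPLE, sizeof SAMPLE, NULL, 1));
    return 0;
}
```

The same input parses cleanly with a tree and stalls without one, which is why a bug of this shape can stay hidden until a caller stops guarding on the tree.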