RSVP: Fix an infinite loop
authorFrancois-Xavier Le Bail <[email protected]>
Tue, 6 Oct 2015 14:21:19 +0000 (16:21 +0200)
committerFrancois-Xavier Le Bail <[email protected]>
Thu, 19 Nov 2015 14:00:43 +0000 (15:00 +0100)
print-rsvp.c

index 263ef3d4656ac1f3d5d036ed36f930c36822ef68..91900a6d4ee119fdd42aa5c99c2e5995105b68c2 100644 (file)
@@ -30,6 +30,8 @@
 #include "af.h"
 #include "signature.h"
 
+static const char istr[] = " (invalid)";
+
 /*
  * RFC 2205 common header
  *
@@ -1179,6 +1181,9 @@ _U_
                            tok2str(af_values, "Unknown", af), af,
                            subobj_len));
 
+                    if(subobj_len == 0)
+                        goto invalid;
+
                     switch(subobj_type) {
                     case RSVP_GEN_UNI_SUBOBJ_SOURCE_TNA_ADDRESS:
                     case RSVP_GEN_UNI_SUBOBJ_DESTINATION_TNA_ADDRESS:
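Review bot: The added guard `if(subobj_len == 0)` rejects only a zero length, so a non-zero length that is shorter than the subobject header, or longer than what remains of the enclosing object, still reaches the `switch` below it. The loop that consumes subobjects and the code that advances the pointer lie outside this hunk, so this is inferred rather than shown. A packet-supplied length is normally bounded on both sides before use, for example `if (subobj_len < SUBOBJ_HDR_LEN || subobj_len > bytes_left) goto invalid;`, where both names are placeholders for the header size and the surrounding code's remaining-length variable. A one-line comment above the check, such as `/* length comes from the packet; zero would never advance the loop */`, would record why the guard exists.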
@@ -1788,6 +1793,9 @@ _U_
         tlen-=rsvp_obj_len;
     }
     return 0;
+invalid:
+    ND_PRINT((ndo, "%s", istr));
+    return -1;
 trunc:
     ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
     return -1;