From: Francois-Xavier Le Bail <fx.lebail@yahoo.com>
Date: Tue, 6 Oct 2015 14:21:19 +0000 (+0200)
Subject: RSVP: Fix an infinite loop
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/0a8be4c876ca55377038332511d8ffe57b8ce667

RSVP: Fix an infinite loop
---

diff --git a/print-rsvp.c b/print-rsvp.c
index 263ef3d4..91900a6d 100644
--- a/print-rsvp.c
+++ b/print-rsvp.c
@@ -30,6 +30,8 @@
 #include "af.h"
 #include "signature.h"
 
+static const char istr[] = " (invalid)";
+
 /*
  * RFC 2205 common header
  *
@@ -1179,6 +1181,9 @@ _U_
                            tok2str(af_values, "Unknown", af), af,
                            subobj_len));
 
+                    if(subobj_len == 0)
+                        goto invalid;
+
                     switch(subobj_type) {
                     case RSVP_GEN_UNI_SUBOBJ_SOURCE_TNA_ADDRESS:
                     case RSVP_GEN_UNI_SUBOBJ_DESTINATION_TNA_ADDRESS:
@@ -1788,6 +1793,9 @@ _U_
         tlen-=rsvp_obj_len;
     }
     return 0;
+invalid:
+    ND_PRINT((ndo, "%s", istr));
+    return -1;
 trunc:
     ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
     return -1;