From Pascal Quantin:
authorjake <jake@f5534014-38df-0310-8fa8-9805f1628bb7>
Fri, 20 Jan 2012 07:49:12 +0000 (07:49 +0000)
committerjake <jake@f5534014-38df-0310-8fa8-9805f1628bb7>
Fri, 20 Jan 2012 07:49:12 +0000 (07:49 +0000)
Some test equipment can send a weird Protocol Configuration Options IE in the
Attach Accept message, with empty protocol identifier content. Wireshark
will trigger an assert when dissecting those messages because it does not
check the tvb length before calling the sub-dissector.
By checking the protocol identifier length before calling the sub-dissector,
the PCO is decoded correctly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@40604 f5534014-38df-0310-8fa8-9805f1628bb7

epan/dissectors/packet-gsm_a_gm.c

index c1b3f8a..bbcd9af 100644 (file)
@@ -3771,25 +3771,27 @@ de_sm_pco(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint32 offset, g
                                break;
                        default:
                        {
-                               handle = dissector_get_uint_handle ( gprs_sm_pco_subdissector_table , prot );
-                               if ( handle != NULL )
-                               {
-                                       /*
-                                        * dissect the embedded message
-                                        */
-                                       l3_tvb = tvb_new_subset(tvb, curr_offset, e_len, e_len);
-                                       /* In this case we do not want the columns updated */
-                                       col_set_writable(pinfo->cinfo, FALSE);
-                                       call_dissector(handle, l3_tvb , pinfo  , tree );
-                                       col_set_writable(pinfo->cinfo, TRUE);
-                               }
-                               else
-                               {
-                                       /*
-                                       * dissect the embedded DATA message
-                                       */
-                                       l3_tvb = tvb_new_subset(tvb, curr_offset, e_len, e_len);
-                                       call_dissector(data_handle, l3_tvb, pinfo , tree);
+                               if (e_len > 0) {
+                                       handle = dissector_get_uint_handle ( gprs_sm_pco_subdissector_table , prot );
+                                       if ( handle != NULL )
+                                       {
+                                               /*
+                                                * dissect the embedded message
+                                                */
+                                               l3_tvb = tvb_new_subset(tvb, curr_offset, e_len, e_len);
+                                               /* In this case we do not want the columns updated */
+                                               col_set_writable(pinfo->cinfo, FALSE);
+                                               call_dissector(handle, l3_tvb , pinfo  , tree );
+                                               col_set_writable(pinfo->cinfo, TRUE);
+                                       }
+                                       else
+                                       {
+                                               /*
+                                                * dissect the embedded DATA message
+                                                */
+                                               l3_tvb = tvb_new_subset(tvb, curr_offset, e_len, e_len);
+                                               call_dissector(data_handle, l3_tvb, pinfo , tree);
+                                       }
                                }
                        }
                }
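Review bot: The new `if (e_len > 0)` guard in the `default:` branch rejects only the empty case; nothing visible in the hunk bounds `e_len` from above before `tvb_new_subset(tvb, curr_offset, e_len, e_len)`. `e_len` is assigned outside the hunk (de_sm_pco starts and ends beyond it), so a check may already exist there; if it does not, a length taken from the message that exceeds the rest of the PCO element would hand the sub-dissector bytes of whatever follows the element, or raise a bounds exception between the two `col_set_writable` calls and presumably leave the columns non-writable. I would compare `e_len` with the remaining element length next to the new test, and save and restore the column state with `col_get_writable(pinfo->cinfo)` rather than forcing `TRUE`. The guard also deserves a comment such as `/* empty protocol content: nothing to dissect, and an empty tvb made the sub-dissector path assert */`.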