Ethereal-dev: [Ethereal-dev] packet-icq.c: protocol v5 dissector loop.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Matthijs Melchior <mmelchio@xxxxxxxxx>
Date: Wed, 27 Dec 2000 15:04:08 +0100
Hi,
	The icq dissector enters an endless loop when it finds a
protocol-v5 packet.  The code incorrectly uses sizeof() to get the
size of a previously allocated block of memory.

The attached patch corrects this.

-- 
----------------------------------------------------------------  -o)
Matthijs Melchior                                       Maarssen  /\\
mailto:mmelchio@xxxxxxxxx   +31 346 570616           Netherlands _\_v
---------------------------------------------------------------------
--- packet-icq.c-ORG	Fri Nov 24 11:56:22 2000
+++ packet-icq.c	Wed Dec 27 10:30:11 2000
@@ -2053,14 +2053,15 @@
     guint32 key = -1;
     guint16 pktsize = -1;		/* The size of the ICQ content */
     static u_char *decr_pd = NULL;	/* Decrypted content */
+    static guint decr_sz = 128;		/* Available decryption buffer size */
     
     pktsize = END_OF_FRAME;
 
     if (decr_pd == NULL)
-	decr_pd = (u_char *) g_malloc(sizeof (u_char) * 128);
+	decr_pd = (u_char *) g_malloc(sizeof (u_char) * decr_sz);
     
-    while (sizeof(decr_pd) < pktsize + 3)
-	decr_pd = (u_char *) g_realloc(decr_pd, sizeof (decr_pd) * 2);
+    while (decr_sz < pktsize + 3)
+	decr_pd = (u_char *) g_realloc(decr_pd, decr_sz *= 2);
     
     /* First copy the memory, we don't want to overwrite the old content */
     memcpy(decr_pd, &pd[offset], pktsize);
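Review bot: The replacement of `sizeof(decr_pd)` with the tracked `decr_sz` is the right fix: `decr_pd` is a pointer, so `sizeof(decr_pd)` is the pointer size (4 or 8), never the allocation size, and once `pktsize + 3` exceeds that the old `while` condition could never become false, which matches the endless loop described in the message. Two readability points on the new loop: the side-effect assignment inside the call, `g_realloc(decr_pd, decr_sz *= 2)`, is legal but easy to misread; splitting it into `decr_sz *= 2;` followed by `decr_pd = (u_char *) g_realloc(decr_pd, decr_sz);` makes the size/pointer pairing explicit. Since both `decr_pd` and `decr_sz` are `static`, the comment on `decr_sz` should also state that it must always describe the current allocation of `decr_pd`, so any future code that reallocates one updates the other.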