Ethereal-users: Re: [Ethereal-users] Packet crashes Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Fri, 25 Oct 2002 21:24:50 +0200
Justin M. McNutt wrote:
> I've got this telnet packet that makes ethereal (and tethereal) hang when trying to decode it.  Thanks to editcap, I was able to show
> that it is this packet and only this packet that is creating the problem (attached).


The problem seems to be in the Telnet dissector, in the telnet_sub_option subroutine.
The following lines seem to cause this:

  /* Search for an IAC. */
  len = tvb_length_remaining(tvb, offset);
  offset = tvb_find_guint8(tvb, offset, len, TN_IAC);
  if (offset == -1) {
    /* None found - run to the end of the packet. */
    offset += len;
  }

offset is 1344 at one stage and then offset is set to 32 (-1 + 33) and the dissector ends up looping through the packet forever.
.....  FF FF FF FA .................

One way to solve this could be to use a temporary variable instead of overwriting the offset variable:
  temp_offset = tvb_find_guint8(tvb, offset, len, TN_IAC);
and only copy temp_offset to the offset variable when temp_offset is not equal to -1.
However, there might be a better solution.
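The arithmetic described above, and the proposed fix, reduced to a small stand-alone C model. This is an added illustration, not Ethereal's code: find_guint8 is a toy stand-in for tvb_find_guint8 over a plain byte array, the 40-byte buffer is constructed (no IAC after position 7, so len is 33 and the buggy path yields -1 + 33 = 32, exactly the value quoted in the message), and scan_steps is a hypothetical driver loop with an iteration cap so the non-terminating case can be observed instead of hanging.

```c
#include <stdio.h>
#include <string.h>

#define TN_IAC 0xFF

enum { SAMPLE_LEN = 40, SAMPLE_START = 7, IAC_POS = 20, STEP_CAP = 100 };

/* Toy stand-in for tvb_find_guint8: search buf[offset, offset+len) for target,
 * return its index or -1 when it is not present (assumed semantics). */
static int find_guint8(const unsigned char *buf, int total, int offset, int len,
                       unsigned char target)
{
    int end = offset + len;
    if (end > total)
        end = total;
    for (int i = offset; i < end; i++)
        if (buf[i] == target)
            return i;
    return -1;
}

/* The logic quoted in the message: offset is overwritten by the search result,
 * so when nothing is found the "run to the end" branch computes -1 + len. */
static int step_buggy(const unsigned char *buf, int total, int offset)
{
    int len = total - offset;
    offset = find_guint8(buf, total, offset, len, TN_IAC);
    if (offset == -1)
        offset += len;   /* -1 + len: lands inside the packet, not at its end */
    return offset;
}

/* The proposed fix: keep the search result in a temporary and only copy it
 * into offset when an IAC was actually found. */
static int step_fixed(const unsigned char *buf, int total, int offset)
{
    int len = total - offset;
    int temp_offset = find_guint8(buf, total, offset, len, TN_IAC);
    if (temp_offset == -1)
        offset += len;   /* none found: really run to the end of the packet */
    else
        offset = temp_offset;
    return offset;
}

/* Hypothetical driver loop standing in for the dissector's scan. Returns the
 * number of steps taken to reach the end, or -1 if the cap is hit (the
 * "loops forever" case). A found IAC is consumed to model the dissector
 * handling it and moving on. */
static int scan_steps(int (*step)(const unsigned char *, int, int),
                      const unsigned char *buf, int total, int start, int cap)
{
    int offset = start, steps = 0;
    while (offset < total) {
        if (steps++ >= cap)
            return -1;
        offset = step(buf, total, offset);
        if (offset < total && buf[offset] == TN_IAC)
            offset++;
    }
    return steps;
}

/* Constructed sample payload: 40 filler bytes, optionally one IAC at IAC_POS. */
static void make_sample(unsigned char *buf, int with_iac)
{
    memset(buf, 'a', SAMPLE_LEN);
    if (with_iac)
        buf[IAC_POS] = TN_IAC;
}

int demo_buggy_offset(void)  { unsigned char b[SAMPLE_LEN]; make_sample(b, 0); return step_buggy(b, SAMPLE_LEN, SAMPLE_START); }
int demo_fixed_offset(void)  { unsigned char b[SAMPLE_LEN]; make_sample(b, 0); return step_fixed(b, SAMPLE_LEN, SAMPLE_START); }
int demo_buggy_steps(void)   { unsigned char b[SAMPLE_LEN]; make_sample(b, 0); return scan_steps(step_buggy, b, SAMPLE_LEN, SAMPLE_START, STEP_CAP); }
int demo_fixed_steps(void)   { unsigned char b[SAMPLE_LEN]; make_sample(b, 0); return scan_steps(step_fixed, b, SAMPLE_LEN, SAMPLE_START, STEP_CAP); }
int demo_fixed_steps_iac(void) { unsigned char b[SAMPLE_LEN]; make_sample(b, 1); return scan_steps(step_fixed, b, SAMPLE_LEN, SAMPLE_START, STEP_CAP); }

int main(void)
{
    printf("buggy: no IAC found from offset %d -> offset %d (packet length %d)\n",
           SAMPLE_START, demo_buggy_offset(), SAMPLE_LEN);
    printf("fixed: no IAC found from offset %d -> offset %d\n",
           SAMPLE_START, demo_fixed_offset());
    printf("buggy scan steps: %d (-1 = hit cap, would loop forever)\n", demo_buggy_steps());
    printf("fixed scan steps: %d\n", demo_fixed_steps());
    printf("fixed scan steps with one IAC: %d\n", demo_fixed_steps_iac());
    return 0;
}
```

With the buggy step the scan alternates between offsets 32 and 7 (33 - 1 = 32, then 8 - 1 = 7) and never reaches the end, which is the hang the message describes; with the temporary variable the no-IAC case jumps straight to the packet end in one step.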

Regards,
  Martin