Justin M. McNutt wrote:
> I've got this telnet packet that makes ethereal (and tethereal) hang when trying to
> decode it. Thanks to editcap, I was able to show that it is this packet and only
> this packet that is creating the problem (attached).
The problem seems to be in the Telnet dissector in the telnet_sub_option subroutine.
The following lines seem to cause this:

    /* Search for an IAC. */
    len = tvb_length_remaining(tvb, offset);
    offset = tvb_find_guint8(tvb, offset, len, TN_IAC);
    if (offset == -1) {
        /* None found - run to the end of the packet. */
        offset += len;
    }
offset is 1344 at one stage and then offset is set to 32 (-1 + 33) and the dissector
ends up looping through the packet forever.
..... FF FF FF FA .................
One way to solve this would be to use a temporary variable instead of overwriting the offset variable:

    temp_offset = tvb_find_guint8(tvb, offset, len, TN_IAC);

and only copy temp_offset to the offset variable when temp_offset is not equal to -1.
However there might be a better solution.
Regards,
Martin
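The loop described above, reproduced as an added stand-alone example (this is not Ethereal's code and it does not use the real tvbuff API; buf_length_remaining() and buf_find_u8() are small stand-ins for tvb_length_remaining() and tvb_find_guint8(), and the 40-byte packet is constructed here, not taken from the attached capture). It runs the quoted search logic and the proposed temp_offset variant side by side over a buffer containing the "FF FF FF FA" run; the quoted logic cycles between offsets 7 and 32 and never finishes, while the fixed version runs to the end of the buffer.

```c
#include <stdint.h>
#include <stdio.h>

#define TN_IAC 0xFF

/* Constructed sample: filler text, then FF FF FF FA, then more filler.
 * Hypothetical data, not the packet from the report. */
static const uint8_t sample_packet[40] = {
    'a', 'b', 'c', 0xFF, 0xFF, 0xFF, 0xFA, 'd', 'e', 'f',
    'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
    'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
    '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
};
#define SAMPLE_LEN ((int)sizeof(sample_packet))

/* Stand-in for tvb_length_remaining(): bytes left from offset. */
static int buf_length_remaining(int buflen, int offset)
{
    return (offset < buflen) ? buflen - offset : 0;
}

/* Stand-in for tvb_find_guint8(): index of the first 'needle' in
 * buf[offset, offset + len), or -1 when there is none. */
static int buf_find_u8(const uint8_t *buf, int buflen, int offset, int len, uint8_t needle)
{
    int end = (offset + len > buflen) ? buflen : offset + len;
    for (int i = offset; i < end; i++)
        if (buf[i] == needle)
            return i;
    return -1;
}

/* Walk the buffer looking for IAC bytes, skipping each IAC plus the
 * command byte after it. With fixed == 0 the search result is written
 * straight into offset, as in the quoted dissector code; with fixed != 0
 * it goes through temp_offset first. Returns the number of IACs consumed,
 * or -1 if the loop did not terminate within max_steps iterations. */
static int scan_for_iac(const uint8_t *buf, int buflen, int fixed, int max_steps)
{
    int offset = 0, iacs = 0, steps = 0;

    while (offset < buflen) {
        if (++steps > max_steps)
            return -1;                         /* looping forever: give up */

        int len = buf_length_remaining(buflen, offset);

        if (fixed) {
            /* Proposed fix: only copy the result into offset when an IAC
             * was actually found, otherwise run to the end of the buffer. */
            int temp_offset = buf_find_u8(buf, buflen, offset, len, TN_IAC);
            if (temp_offset == -1) {
                offset += len;
                continue;
            }
            offset = temp_offset;
        } else {
            /* Quoted code: on a miss offset is already -1, so "offset += len"
             * yields len - 1 (32 when 33 bytes remain), not the end. */
            offset = buf_find_u8(buf, buflen, offset, len, TN_IAC);
            if (offset == -1) {
                offset += len;
                continue;
            }
        }

        /* Found an IAC: step over it and the command byte that follows. */
        iacs++;
        offset += 2;
    }
    return iacs;
}

int main(void)
{
    int buggy = scan_for_iac(sample_packet, SAMPLE_LEN, 0, 1000);
    int fixed = scan_for_iac(sample_packet, SAMPLE_LEN, 1, 1000);
    printf("quoted logic:  %s\n", buggy < 0 ? "did not terminate" : "terminated");
    printf("temp_offset fix: %d IACs consumed\n", fixed);
    return 0;
}
```

The bounded iteration counter is only there so the demonstration can report the hang instead of reproducing it; the dissector itself has no such guard, which is why ethereal simply stops responding on the packet.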