EricssonResearch / spindump

Spindump is an in-network latency measurement tool with support for QUIC and TCP
BSD 3-Clause "New" or "Revised" License

Infinite loop in SCTP parsing due to "unsigned int" variable #171

Closed MaximProshin closed 4 years ago

MaximProshin commented 4 years ago

The following piece of code works incorrectly after the "remainingLen" variable became "unsigned int": spindump_analyze_sctp.c:

unsigned int remainingLen = (remainingCaplen < sctpLength) ? remainingCaplen : sctpLength;
...
while ( ( remainingLen > 0 ) && 
           (spindump_sctp_parse_error != 
            spindump_protocols_sctp_chunk_parse(position,&sctp_chunk,remainingLen)) ) {
...
jariarkko commented 4 years ago

Solved by merging MaximProshin's PR. Tested to work.
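The failure mode named in the issue title, as an added example that is neither spindump's code nor part of the thread: because the loop body is elided above, it assumes the counter is reduced by each chunk's 4-byte-padded length. The names `walk_unsigned`, `walk_checked`, `make_sample`, `backing` and `ITER_CAP` are hypothetical, the sample bytes are constructed, and `walk_checked` is one possible guard, not necessarily what the merged PR does.

```c
#include <stdint.h>
#include <string.h>

#define CHUNK_HDR 4u    /* SCTP chunk header: type, flags, 16-bit length */
#define ITER_CAP  500u  /* demo-only cap so the wrapped loop terminates */

/* Constructed sample memory; filler chunks keep the wrapped loop in bounds. */
static uint8_t backing[4096];

/* Chunk length field rounded up to the 4-byte padding boundary. */
static unsigned int padded_len(const uint8_t *p) {
    unsigned int len = ((unsigned int)p[2] << 8) | p[3];
    return (len + 3u) & ~3u;
}

/* Build the sample: one chunk of length 5 (padded 8) in a 6-byte capture. */
unsigned int make_sample(void) {
    for (size_t i = 0; i < sizeof backing; i += 4)
        memcpy(backing + i, (const uint8_t[]){0, 0, 0, 4}, 4);
    backing[3] = 5;
    return 6;
}

/* Unsigned countdown: 6 - 8 wraps to UINT_MAX - 1 (a signed int gives -2 and exits). */
unsigned int walk_unsigned(const uint8_t *buf, unsigned int remaining) {
    unsigned int iters = 0;
    for (; remaining > 0 && iters < ITER_CAP; iters++) {
        unsigned int step = padded_len(buf);
        remaining -= step;   /* wraps when step > remaining */
        buf += step;
    }
    return iters;
}

/* Checked walk: chunk count, or -1 for a truncated or zero-progress chunk. */
int walk_checked(const uint8_t *buf, unsigned int remaining) {
    int chunks = 0;
    for (; remaining > 0; chunks++) {
        if (remaining < CHUNK_HDR) return -1;
        unsigned int step = padded_len(buf);
        if (step < CHUNK_HDR || step > remaining) return -1;
        remaining -= step;
        buf += step;
    }
    return chunks;
}

int main(void) {   /* exits 0 when both walkers behave as described */
    return !(walk_unsigned(backing, make_sample()) == ITER_CAP && walk_checked(backing, 6) == -1);
}
```

Without the demo cap, the unsigned walker would keep reading far past the captured bytes; the checked walker also rejects a length field below the header size, which would otherwise make no progress at all.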