From 782e7db8c0d40207d9ad671347e1e299f5c2e1da Mon Sep 17 00:00:00 2001
From: Uli Heilmeier
Date: Sat, 5 Feb 2022 15:29:46 +0100
Subject: PER: Check length calling tvb_new_octet_aligned()
Fix calling tvb_new_octet_aligned() with length == 0
Related to #17890 case 17
---
 epan/dissectors/packet-per.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/epan/dissectors/packet-per.c b/epan/dissectors/packet-per.c
index 82d842f16a..c6f97f015f 100644
--- a/epan/dissectors/packet-per.c
+++ b/epan/dissectors/packet-per.c
@@ -1004,6 +1004,9 @@ dissect_per_any_oid(tvbuff_t *tvb, guint32 offset, asn1_ctx_t *actx, proto_tree
 DEBUG_ENTRY("dissect_per_any_oid");
 offset = dissect_per_length_determinant(tvb, offset, actx, tree, hf_per_object_identifier_length, &length, NULL);
+ if(length == 0){
+ dissect_per_not_decoded_yet(tree, actx->pinfo, tvb, "unexpected length");
+ }
 if (actx->aligned) BYTE_ALIGN_OFFSET(offset);
 val_tvb = tvb_new_octet_aligned(tvb, offset, length * 8);
 /* Add new data source if the offet was unaligned */
@@ -1672,6 +1675,9 @@ dissect_per_real(tvbuff_t *tvb, guint32 offset, asn1_ctx_t *actx, proto_tree *tr
 double val = 0;
 offset = dissect_per_length_determinant(tvb, offset, actx, tree, hf_per_real_length, &val_length, NULL);
+ if(val_length == 0){
+ dissect_per_not_decoded_yet(tree, actx->pinfo, tvb, "unexpected length");
+ }
 if (actx->aligned) BYTE_ALIGN_OFFSET(offset);
 val_tvb = tvb_new_octet_aligned(tvb, offset, val_length * 8);
 /* Add new data source if the offet was unaligned */
@@ -2699,6 +2705,9 @@ call_per_oid_callback(const char *oid, tvbuff_t *tvb, packet_info *pinfo, proto_
 start_offset = offset;
 offset = dissect_per_length_determinant(tvb, offset, actx, tree, hf_per_open_type_length, &type_length, NULL);
+ if(type_length == 0){
+ dissect_per_not_decoded_yet(tree, actx->pinfo, tvb, "unexpected length");
+ }
 if (actx->aligned) BYTE_ALIGN_OFFSET(offset);
 end_offset = offset + type_length;
--
cgit v1.2.3
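Review bot: The zero-length guard added in dissect_per_any_oid (`if(length == 0){ ... }`) has no `return`, so it only keeps a zero length away from the following `tvb_new_octet_aligned(tvb, offset, length * 8)` if `dissect_per_not_decoded_yet()` never returns, and that helper's definition is not part of this patch. If it unwinds by throwing, say so at the guard, e.g. `/* does not return: dissect_per_not_decoded_yet() throws */`; if it can return, the block needs an explicit early return after the call. The same applies to the identical guards in the dissect_per_real and call_per_oid_callback hunks. The guard also leaves the upper end open: the length is read from the packet and `length * 8` is passed on as a bit count, so a very large value may wrap, depending on the variable types declared outside the hunk. All three function bodies start and end outside their hunks.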