From 279779062c5df0ef5780ed3dfadf87b606adaa71 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 22 Feb 2022 19:56:41 +0100
Subject: reader_util: fix infinite loop in packet dissection (#1454)

Found by oss-fuzz
See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44944
---
 example/reader_util.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'example/reader_util.c')

diff --git a/example/reader_util.c b/example/reader_util.c
index b16a1838c..6b22ef9cc 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1719,14 +1719,14 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
 #ifdef DLT_IPV4
 case DLT_IPV4:
 type = ETH_P_IP;
- ip_offset = 0;
+ ip_offset = eth_offset;
 break;
 #endif
 
 #ifdef DLT_IPV6
 case DLT_IPV6:
 type = ETH_P_IPV6;
- ip_offset = 0;
+ ip_offset = eth_offset;
 break;
 #endif
 
@@ -1785,7 +1785,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
 (FCF_TO_DS(fc) == 0x0 && FCF_FROM_DS(fc)))
 wifi_len = 26; /* + 4 byte fcs */
 } else /* no data frames */
- break;
+ return(nproto);
 
 /* Check ether_type from LLC */
 if(header->caplen < (eth_offset + wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap)))
@@ -1799,7 +1799,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
 break;
 
 case DLT_RAW:
- ip_offset = eth_offset = 0;
+ ip_offset = eth_offset;
 break;
 
 default:
--
cgit v1.2.3
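Review bot: The raw-IP cases in the first hunk (DLT_IPV4, DLT_IPV6) and in the last hunk (DLT_RAW) now start the IP header at `eth_offset`, but no visible line checks that `eth_offset` is still inside `header->caplen` before `ip_offset` is used. The wifi branch in the second hunk does compare `header->caplen` with its computed offset, so an equivalent guard such as `if(header->caplen < eth_offset) return(nproto);` would make these cases consistent, unless one already exists after the switch, which lies outside these hunks. Each assignment should also carry a short comment, e.g. `/* keep eth_offset: resetting to 0 re-parses the same bytes when this switch is reached again */`, so that a later cleanup does not restore the `= 0` form (the re-entry itself is inferred from the commit subject, not shown here). The diffstat lists only `example/reader_util.c`, so the oss-fuzz reproducer does not appear to be added as a regression sample.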
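Review bot: In the second hunk the new `return(nproto);` hangs off an unbraced `else` whose only explanation is `/* no data frames */`, so the reason a non-data frame must leave the function rather than just the switch is not recorded. Bracing it and stating the intent would guard against a future edit turning it back into `break;`, for example `} else { /* not a data frame: nothing to dissect, stop here */ return(nproto); }`. It is also worth confirming that `nproto` still holds its initial value at this point and that skipping the code after the switch leaves no per-packet accounting half-updated. Both the initialisation and the tail of `ndpi_workflow_process_packet` are outside the hunk.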