From 072fdcb3a4a46706b7c7f8c207b06cdd6f376416 Mon Sep 17 00:00:00 2001
From: Michael Mann <mmann78@netscape.net>
Date: Tue, 29 Dec 2015 22:55:22 -0500
Subject: [PATCH 103/110] Prevent infinite loop in DNP3 dissector.

Bug: 11941
Change-Id: Icd59092a3139b8c22f3866017a093a8b1270f1b2
Reviewed-on: https://code.wireshark.org/review/12941
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 0ca744582d4e560d26b7239bea93a135fd9fd884)
Reviewed-on: https://code.wireshark.org/review/14341
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
(cherry picked from commit d284d7e4a7cfae8b319d16c29f2a6e35760f86a4)
Reviewed-on: https://code.wireshark.org/review/14371
---
 epan/dissectors/packet-dnp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/epan/dissectors/packet-dnp.c b/epan/dissectors/packet-dnp.c
index f7fe430..d1dcffb 100644
--- a/epan/dissectors/packet-dnp.c
+++ b/epan/dissectors/packet-dnp.c
@@ -2457,6 +2457,8 @@ dnp3_al_process_object(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree
 
         /* And increment the point address, may be overwritten by an index value */
         al_ptaddr++;
+      } else {
+        offset = data_pos;
       }
       if (start_offset > offset) {
         expert_add_info_format(pinfo, point_item, PI_MALFORMED, PI_ERROR, "Invalid length");
-- 
2.1.4