ssh: fix the heuristic for MAC size determination

size_str points to a dash, so the result of calling ws_strtoi32 on it is a negative number, which becomes a huge positive number, because size is a guint32. Parse the number after the dash instead, and use ws_strtou32. Also, check that size is divisible by 8, since otherwise it's unlikely to be a bit length. Change-Id: I531f67d45e9e914574d36a9ffceed9239fd46d64 Reviewed-on: https://code.wireshark.org/review/19006 Reviewed-by: Graham Bloice <graham.bloice@trihedral.com> Petri-Dish: Graham Bloice <graham.bloice@trihedral.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
author: Роман Донченко <dpb@corrigendum.ru> 2016-12-01 23:25:55 +0300
committer: Peter Wu <peter@lekensteyn.nl> 2016-12-04 11:24:46 +0000
commit: 40ebfb9a6f180b5b6deb0ed727e38c98e848b6cb (patch)
tree: 0a06649b0027156f50ab1aab6c37353ac474ff80
parent: dd98856afce144eb19104a6f40c1abedc9069558 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c
index acb077cfe3..c91553f909 100644
--- a/epan/dissectors/packet-ssh.c
+++ b/epan/dissectors/packet-ssh.c
@@ -1015,8 +1015,7 @@ ssh_set_mac_length(struct ssh_peer_data *peer_data)
     }
 
     size_str = g_strrstr(mac_name, "-");
-    ws_strtoi32(size_str, NULL, &size);
-    if (size_str && size > 0) {
+    if (size_str && ws_strtou32(size_str + 1, NULL, &size) && size > 0 && size % 8 == 0) {
         peer_data->mac_length = size / 8;
     }
     else if (strcmp(mac_name, "hmac-sha1") == 0) {
author	Роман Донченко <dpb@corrigendum.ru>	2016-12-01 23:25:55 +0300
committer	Peter Wu <peter@lekensteyn.nl>	2016-12-04 11:24:46 +0000
commit	40ebfb9a6f180b5b6deb0ed727e38c98e848b6cb (patch)
tree	0a06649b0027156f50ab1aab6c37353ac474ff80
parent	dd98856afce144eb19104a6f40c1abedc9069558 (diff)