diff options
author | Роман Донченко <dpb@corrigendum.ru> | 2016-12-01 23:25:55 +0300 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2016-12-04 11:24:46 +0000 |
commit | 40ebfb9a6f180b5b6deb0ed727e38c98e848b6cb (patch) | |
tree | 0a06649b0027156f50ab1aab6c37353ac474ff80 | |
parent | dd98856afce144eb19104a6f40c1abedc9069558 (diff) |
ssh: fix the heuristic for MAC size determination
size_str points to a dash, so the result of calling ws_strtoi32 on it is
a negative number, which becomes a huge positive number, because size is
a guint32.
Parse the number after the dash instead, and use ws_strtou32.
Also, check that size is divisible by 8, since otherwise it's unlikely
to be a bit length.
Change-Id: I531f67d45e9e914574d36a9ffceed9239fd46d64
Reviewed-on: https://code.wireshark.org/review/19006
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
-rw-r--r-- | epan/dissectors/packet-ssh.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c index acb077cfe3..c91553f909 100644 --- a/epan/dissectors/packet-ssh.c +++ b/epan/dissectors/packet-ssh.c @@ -1015,8 +1015,7 @@ ssh_set_mac_length(struct ssh_peer_data *peer_data) } size_str = g_strrstr(mac_name, "-"); - ws_strtoi32(size_str, NULL, &size); - if (size_str && size > 0) { + if (size_str && ws_strtou32(size_str + 1, NULL, &size) && size > 0 && size % 8 == 0) { peer_data->mac_length = size / 8; } else if (strcmp(mac_name, "hmac-sha1") == 0) { |