author | Pascal Quantin <pascal.quantin@gmail.com> | 2018-01-18 11:54:24 +0100 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2018-01-18 12:08:45 +0000 |
commit | 8791e0b61ff9a5b460932b16e77c7091a23f9c4e (patch) | |
tree | 2b6ba2832148e3dee5e9ee8a7876055fe19ff867 | |
parent | de0872971ad613b865464e160f30c4c4f0519bc7 (diff) |
3GPP NAS: rework PCO loop to better report extra data at the end of the payload
This will help identify that the packet contains unexpected data at the end
rather than triggering a malformed error when trying to fetch outside of
the tvb.
Change-Id: Ieb71204f3c364e809447157e7a71c3eb92620d85
Reviewed-on: https://code.wireshark.org/review/25366
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
-rw-r--r-- | epan/dissectors/packet-gsm_a_gm.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/epan/dissectors/packet-gsm_a_gm.c b/epan/dissectors/packet-gsm_a_gm.c
index 69c749cc25..1d74f0a315 100644
--- a/epan/dissectors/packet-gsm_a_gm.c
+++ b/epan/dissectors/packet-gsm_a_gm.c
@@ -4500,13 +4500,13 @@ de_sm_pco(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint32 offset, g
 {
 proto_item *generated_item;
 guint32 curr_offset;
- guint curr_len;
+ gint curr_len;
 guchar oct;
 int link_dir;
 proto_item *pco_item;
 proto_tree *pco_tree;
- curr_len = len;
+ curr_len = (gint)len; /* length field is only 1 or 2 bytes long */
 curr_offset = offset;
 oct = tvb_get_guint8(tvb, curr_offset);
@@ -4530,7 +4530,7 @@ de_sm_pco(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint32 offset, g
 curr_len--;
 curr_offset++;
- while (curr_len > 0)
+ while (curr_len >= 3) /* 2 bytes protocol/container ID + 1 byte length */
 {
 guchar e_len;
 guint16 prot;
@@ -4693,15 +4693,17 @@ de_sm_pco(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint32 offset, g
 }
 }
 }
- curr_len -= e_len;
 curr_offset += e_len;
 }
- curr_offset += curr_len;
- EXTRANEOUS_DATA_CHECK(len, curr_offset - offset, pinfo, &ei_gsm_a_gm_extraneous_data);
+ if (curr_len < 0) {
+ proto_tree_add_expert(tree, pinfo, &ei_gsm_a_gm_not_enough_data, tvb, offset, len);
+ } else {
+ EXTRANEOUS_DATA_CHECK(len, curr_offset - offset, pinfo, &ei_gsm_a_gm_extraneous_data);
+ }
- return (curr_offset - offset);
+ return len;
 }
 /* |
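Review bot: The third hunk drops `curr_len -= e_len;` while keeping `curr_offset += e_len;`, and none of the nine added lines subtracts the element length again, so unless the loop body between the second and third hunks (not shown) already does it, `curr_len` falls by only the three header bytes per element. In that case `curr_len >= 3` would stop tracking the bytes actually consumed, the new `if (curr_len < 0)` branch would be unreachable, and a packet-supplied `e_len` larger than the remaining payload would still move `curr_offset` past the end of the IE. Please confirm where the subtraction happens and, if it is missing, keep `curr_len -= e_len;` next to `curr_offset += e_len;`. A one-line comment there, such as `/* curr_len goes negative when e_len overruns the IE; reported after the loop */`, would make the intent of the signed counter clear. Most of de_sm_pco's loop body lies outside these hunks.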