diff options
author | Jakub Zawadzki <darkjames-ws@darkjames.pl> | 2013-07-27 17:17:15 +0000 |
---|---|---|
committer | Jakub Zawadzki <darkjames-ws@darkjames.pl> | 2013-07-27 17:17:15 +0000 |
commit | da170f1d049a16d04d1c7c7d8e2bacda6e09b2d0 (patch) | |
tree | e124f7f81914b0becb25045c9fcd3d27b89db111 /epan/dfilter/semcheck.c | |
parent | 9e33a6bade884a868593e650314cb229dbea345c (diff) |
Fix bug #8979: Comparing function call and a range in the filter crashes Wireshark
store whole node, don't assume it's always STTYPE_FIELD
svn path=/trunk/; revision=50949
Diffstat (limited to 'epan/dfilter/semcheck.c')
-rw-r--r-- | epan/dfilter/semcheck.c | 68 |
1 files changed, 47 insertions, 21 deletions
diff --git a/epan/dfilter/semcheck.c b/epan/dfilter/semcheck.c index 3a82d8d332..d37fe153b5 100644 --- a/epan/dfilter/semcheck.c +++ b/epan/dfilter/semcheck.c @@ -382,14 +382,14 @@ struct check_drange_sanity_args { gboolean err; }; -/* Q: Where are sttype_range_drange() and sttype_range_hfinfo() defined? +/* Q: Where are sttype_range_drange() and sttype_range_entity() defined? * * A: Those functions are defined by macros in epan/dfilter/sttype-range.h * * The macro which creates them, STTYPE_ACCESSOR, is defined in * epan/dfilter/syntax-tree.h. * - * From http://www.ethereal.com/lists/ethereal-dev/200308/msg00070.html + * From http://www.wireshark.org/lists/ethereal-dev/200308/msg00070.html */ static void @@ -398,6 +398,7 @@ check_drange_node_sanity(gpointer data, gpointer user_data) drange_node* drnode = (drange_node*)data; struct check_drange_sanity_args *args = (struct check_drange_sanity_args*)user_data; gint start_offset, end_offset, length; + stnode_t *entity; header_field_info *hfinfo; switch (drange_node_get_ending(drnode)) { @@ -408,12 +409,20 @@ check_drange_node_sanity(gpointer data, gpointer user_data) if (!args->err) { args->err = TRUE; start_offset = drange_node_get_start_offset(drnode); - hfinfo = sttype_range_hfinfo(args->st); - dfilter_fail("Range %d:%d specified for \"%s\" isn't valid, " - "as length %d isn't positive", - start_offset, length, - hfinfo->abbrev, - length); + entity = sttype_range_entity(args->st); + if (entity && stnode_type_id(entity) == STTYPE_FIELD) { + hfinfo = stnode_data(entity); + + dfilter_fail("Range %d:%d specified for \"%s\" isn't valid, " + "as length %d isn't positive", + start_offset, length, + hfinfo->abbrev, + length); + } else + dfilter_fail("Range %d:%d isn't valid, " + "as length %d isn't positive", + start_offset, length, + length); } } break; @@ -434,12 +443,21 @@ check_drange_node_sanity(gpointer data, gpointer user_data) if (start_offset > end_offset) { if (!args->err) { args->err = TRUE; - hfinfo = sttype_range_hfinfo(args->st); - dfilter_fail("Range %d-%d specified for \"%s\" isn't valid, " - "as %d is greater than %d", - start_offset, end_offset, - hfinfo->abbrev, - start_offset, end_offset); + entity = sttype_range_entity(args->st); + if (entity && stnode_type_id(entity) == STTYPE_FIELD) { + hfinfo = stnode_data(entity); + + dfilter_fail("Range %d-%d specified for \"%s\" isn't valid, " + "as %d is greater than %d", + start_offset, end_offset, + hfinfo->abbrev, + start_offset, end_offset); + + } else + dfilter_fail("Range %d-%d isn't valid, " + "as %d is greater than %d", + start_offset, end_offset, + start_offset, end_offset); } } break; @@ -830,6 +848,7 @@ check_relation_LHS_RANGE(const char *relation_string, FtypeCanFunc can_func _U_, { stnode_t *new_st; sttype_id_t type2; + stnode_t *entity1; header_field_info *hfinfo1, *hfinfo2; df_func_def_t *funcdef; ftenum_t ftype1, ftype2; @@ -838,15 +857,22 @@ check_relation_LHS_RANGE(const char *relation_string, FtypeCanFunc can_func _U_, drange_node *rn; int len_range; - type2 = stnode_type_id(st_arg2); - hfinfo1 = sttype_range_hfinfo(st_arg1); - ftype1 = hfinfo1->type; - DebugLog((" 5 check_relation_LHS_RANGE(%s)\n", relation_string)); - if (!ftype_can_slice(ftype1)) { - dfilter_fail("\"%s\" is a %s and cannot be sliced into a sequence of bytes.", - hfinfo1->abbrev, ftype_pretty_name(ftype1)); + type2 = stnode_type_id(st_arg2); + entity1 = sttype_range_entity(st_arg1); + if (entity1 && stnode_type_id(entity1) == STTYPE_FIELD) { + hfinfo1 = stnode_data(entity1); + ftype1 = hfinfo1->type; + + if (!ftype_can_slice(ftype1)) { + dfilter_fail("\"%s\" is a %s and cannot be sliced into a sequence of bytes.", + hfinfo1->abbrev, ftype_pretty_name(ftype1)); + THROW(TypeError); + } + } else { + dfilter_fail("Range is not supported, details: " G_STRLOC " entity: %p of type %d", + entity1, entity1 ? stnode_type_id(entity1) : -1); THROW(TypeError); } |