Bluetooth: ACL/AVDTP: Fix ACL session handling

In case like reusing "connection handle" number in next connection
(2 -> 3 -> 2 again) AVDTP dissector does not properly dissected packets
(it should be Signal, but dissect as Media).

Add expert error to all packets that are not in ACL connection. This will
show invalid packages (send after dissconnect), however incomplete
(mostly beginning) connection will be marked too, but I think it have more
pros than cons.

Change-Id: I29cf706600cb12c8b93d0188dd2fba18dd5eba88
Reviewed-on: https://code.wireshark.org/review/4167
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

1 files changed, 18 insertions, 4 deletions

diff --git a/epan/dissectors/packet-btavdtp.c b/epan/dissectors/packet-btavdtp.c
index 36e5c00815..34ed726b6f 100644
--- a/epan/dissectors/packet-btavdtp.c
+++ b/epan/dissectors/packet-btavdtp.c
@@ -1303,10 +1303,14 @@ dissect_btavdtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
     subtree = (wmem_tree_t *) wmem_tree_lookup32_array(channels, key);
     channels_info = (subtree) ? (channels_info_t *) wmem_tree_lookup32_le(subtree, frame_number) : NULL;
     if (!(channels_info &&
-            *channels_info->adapter_disconnect_in_frame >= pinfo->fd->num &&
+            ((*channels_info->adapter_disconnect_in_frame >= pinfo->fd->num &&
             *channels_info->hci_disconnect_in_frame >= pinfo->fd->num &&
             *channels_info->l2cap_disconnect_in_frame >= pinfo->fd->num &&
-            channels_info->disconnect_in_frame >= pinfo->fd->num)) {
+            channels_info->disconnect_in_frame >= pinfo->fd->num) ||
+            (*channels_info->adapter_disconnect_in_frame == 0 ||
+            *channels_info->hci_disconnect_in_frame == 0 ||
+            *channels_info->l2cap_disconnect_in_frame == 0 ||
+            channels_info->disconnect_in_frame == 0)))) {
 
         channels_info = (channels_info_t *) wmem_new (wmem_file_scope(), channels_info_t);
         channels_info->control_local_cid = l2cap_data->local_cid;
@@ -1319,14 +1323,24 @@ dissect_btavdtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
         channels_info->adapter_disconnect_in_frame = l2cap_data->adapter_disconnect_in_frame;
         channels_info->sep = NULL;
 
-        if (!pinfo->fd->flags.visited) {
+        if (!pinfo->fd->flags.visited || (
+                *channels_info->adapter_disconnect_in_frame == 0 ||
+                *channels_info->hci_disconnect_in_frame == 0 ||
+                *channels_info->l2cap_disconnect_in_frame == 0 ||
+                channels_info->disconnect_in_frame == 0)) {
             key[4].length = 1;
             key[4].key    = &frame_number;
             key[5].length = 0;
             key[5].key    = NULL;
 
             channels_info->stream_numbers = wmem_tree_new(wmem_file_scope());
-            wmem_tree_insert32_array(channels, key, channels_info);
+
+            if (*channels_info->adapter_disconnect_in_frame > 0 &&
+                    *channels_info->hci_disconnect_in_frame > 0 &&
+                    *channels_info->l2cap_disconnect_in_frame > 0 &&
+                    channels_info->disconnect_in_frame > 0) {
+                wmem_tree_insert32_array(channels, key, channels_info);
+            }
         } else {
             channels_info->stream_numbers = NULL;
         }