Check our field lengths. Should fix the recent randpkt errors.

svn path=/trunk/; revision=33481
author: Gerald Combs <gerald@wireshark.org> 2010-07-09 20:27:02 +0000
committer: Gerald Combs <gerald@wireshark.org> 2010-07-09 20:27:02 +0000
commit: b4a82269065fe59ee91d5534345b6f11a87ce462 (patch)
tree: 00f4f6290df77d083e179cb03795a3d117761770 /epan/dissectors/packet-gmhdr.c
parent: edb7f000dc5b342c311977c327be1bac0767ff06 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/epan/dissectors/packet-gmhdr.c b/epan/dissectors/packet-gmhdr.c
index c3352aa343..12803e967f 100644
--- a/epan/dissectors/packet-gmhdr.c
+++ b/epan/dissectors/packet-gmhdr.c
@@ -33,6 +33,7 @@
 #include <epan/etypes.h>
 #include <epan/prefs.h>
 #include <epan/in_cksum.h>
+#include <epan/expert.h>
 
 #include "packet-ieee8023.h"
 
@@ -101,6 +102,11 @@ dissect_gmtlv(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *gmhdr_tree, gui
       case GMHDR_FTYPE_SRCPORT: {
         guint16 pid;
         guint32 tv = tvb_get_ntohl(tvb, offset) >> 8; /* Only 24-bit field */
+
+        if (fl != 3) {
+          expert_add_info_format(pinfo, gmhdr_tree, PI_MALFORMED, PI_ERROR, "Field length %u invalid", fl);
+          break;
+        }
         ti = proto_tree_add_item(gmhdr_tree, hf_gmhdr_srcport,      tvb, offset, fl, FALSE);
         srcport_tree = proto_item_add_subtree(ti, ett_srcport);
         proto_tree_add_item(srcport_tree, hf_gmhdr_srcport_plfm, tvb, offset, fl, FALSE);         
@@ -115,11 +121,19 @@ dissect_gmtlv(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *gmhdr_tree, gui
         break;
       }
       case GMHDR_FTYPE_PKTSIZE:
+        if (fl != 2) {
+          expert_add_info_format(pinfo, gmhdr_tree, PI_MALFORMED, PI_ERROR, "Field length %u invalid", fl);
+          break;
+        }
         proto_tree_add_item(gmhdr_tree, hf_gmhdr_pktsize, tvb, offset, fl, FALSE);
         break;
       case GMHDR_FTYPE_TIMESTAMP_LOCAL: 
       case GMHDR_FTYPE_TIMESTAMP_NTP:
       case GMHDR_FTYPE_TIMESTAMP_EXT:
+        if (fl != 8) {
+          expert_add_info_format(pinfo, gmhdr_tree, PI_MALFORMED, PI_ERROR, "Field length %u invalid", fl);
+          break;
+        }
         ti = proto_tree_add_item(gmhdr_tree, hf_gmhdr_timestamp, tvb, offset, fl, FALSE);
         proto_item_append_text(ti, "; Source: %s", val_to_str(tl>>8, gmhdr_ftype_timestamp, "Unknown")); 
         break;
author	Gerald Combs <gerald@wireshark.org>	2010-07-09 20:27:02 +0000
committer	Gerald Combs <gerald@wireshark.org>	2010-07-09 20:27:02 +0000
commit	b4a82269065fe59ee91d5534345b6f11a87ce462 (patch)
tree	00f4f6290df77d083e179cb03795a3d117761770 /epan/dissectors/packet-gmhdr.c
parent	edb7f000dc5b342c311977c327be1bac0767ff06 (diff)