diff options
| author | jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7> | 2012-01-20 07:49:12 +0000 |
|---|---|---|
| committer | jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7> | 2012-01-20 07:49:12 +0000 |
| commit | c2e97f34f7d82bbe51ac1c2974167605b5d9e7f1 (patch) | |
| tree | 71e9ec76b7eb9fb721ef4aa7f63544828952736e /epan/dissectors/packet-gsm_a_gm.c | |
| parent | 7906897b117af96f6c22a55bd7933139d3d282ab (diff) | |
From Pascal Quantin:
Some test equipments can send weird Protocol Configuration Options IE in the
Attach Accept message with an empty protocol identifier content. Wireshark
will trigger an assert when dissecting those messages because it does not
check the tvb length before calling the sub dissector.
With checking the protocol identifier length before calling the sub dissector,
the PCO is decoded correctly.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@40604 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-gsm_a_gm.c')
| -rw-r--r-- | epan/dissectors/packet-gsm_a_gm.c | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/epan/dissectors/packet-gsm_a_gm.c b/epan/dissectors/packet-gsm_a_gm.c index c1b3f8ac51..bbcd9afb69 100644 --- a/epan/dissectors/packet-gsm_a_gm.c +++ b/epan/dissectors/packet-gsm_a_gm.c @@ -3771,25 +3771,27 @@ de_sm_pco(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint32 offset, g break; default: { - handle = dissector_get_uint_handle ( gprs_sm_pco_subdissector_table , prot ); - if ( handle != NULL ) - { - /* - * dissect the embedded message - */ - l3_tvb = tvb_new_subset(tvb, curr_offset, e_len, e_len); - /* In this case we do not want the columns updated */ - col_set_writable(pinfo->cinfo, FALSE); - call_dissector(handle, l3_tvb , pinfo , tree ); - col_set_writable(pinfo->cinfo, TRUE); - } - else - { - /* - * dissect the embedded DATA message - */ - l3_tvb = tvb_new_subset(tvb, curr_offset, e_len, e_len); - call_dissector(data_handle, l3_tvb, pinfo , tree); + if (e_len > 0) { + handle = dissector_get_uint_handle ( gprs_sm_pco_subdissector_table , prot ); + if ( handle != NULL ) + { + /* + * dissect the embedded message + */ + l3_tvb = tvb_new_subset(tvb, curr_offset, e_len, e_len); + /* In this case we do not want the columns updated */ + col_set_writable(pinfo->cinfo, FALSE); + call_dissector(handle, l3_tvb , pinfo , tree ); + col_set_writable(pinfo->cinfo, TRUE); + } + else + { + /* + * dissect the embedded DATA message + */ + l3_tvb = tvb_new_subset(tvb, curr_offset, e_len, e_len); + call_dissector(data_handle, l3_tvb, pinfo , tree); + } } } } |