diff options
author | Jeff Morriss <jeff.morriss.ws@gmail.com> | 2013-05-29 22:43:20 +0000 |
---|---|---|
committer | Jeff Morriss <jeff.morriss.ws@gmail.com> | 2013-05-29 22:43:20 +0000 |
commit | 34230e736db13e61c1e1f1cfb00cff2a9e3658d5 (patch) | |
tree | 09b36f6be31a63e366ddbd7d139aa7d28fc9454d /epan/dissectors/packet-http.c | |
parent | d98b0cc2318675d319ae28719e63b1af1eb6e236 (diff) |
Fix the infinite recursion problem reported in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733 :
We can't solely rely on the port in the URI to determine whether we will be
recursively called by decode_tcp_ports(). Instead also check the conversation
entry too: if we find that we are the subdissector for this conversation
(which we might be--without the port being in our list of ports--if we
heuristically picked up the conversation or the user did Decode-As),
just bail out and dissect the payload as data.
svn path=/trunk/; revision=49623
Diffstat (limited to 'epan/dissectors/packet-http.c')
-rw-r--r-- | epan/dissectors/packet-http.c | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/epan/dissectors/packet-http.c b/epan/dissectors/packet-http.c index c2ecb6cb7d..d3d7f17dfd 100644 --- a/epan/dissectors/packet-http.c +++ b/epan/dissectors/packet-http.c @@ -1917,10 +1917,11 @@ http_payload_subdissector(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, http_conv_t *conv_data) { guint32 *ptr = NULL; - guint32 dissect_as, saved_port; + guint32 uri_port, saved_port, srcport, destport; gchar **strings; /* An array for splitting the request URI into hostname and port */ proto_item *item; proto_tree *proxy_tree; + conversation_t *conv; /* Grab the destination port number from the request URI to find the right subdissector */ strings = g_strsplit(conv_data->request_uri, ":", 2); @@ -1943,15 +1944,28 @@ http_payload_subdissector(tvbuff_t *tvb, proto_tree *tree, PROTO_ITEM_SET_GENERATED(item); } - /* We're going to get stuck in a loop if we let process_tcp_payload call - us, so call the data dissector instead for proxy connections to http ports. */ - dissect_as = (int)strtol(strings[1], NULL, 10); /* Convert string to a base-10 integer */ + uri_port = (int)strtol(strings[1], NULL, 10); /* Convert string to a base-10 integer */ - if (value_is_in_range(http_tcp_range, dissect_as)) { + if (value_is_in_range(http_tcp_range, pinfo->destport)) { + srcport = pinfo->srcport; + destport = uri_port; + } else { + srcport = uri_port; + destport = pinfo->destport; + } + + conv = find_conversation(PINFO_FD_NUM(pinfo), &pinfo->src, &pinfo->dst, PT_TCP, srcport, destport, 0); + + /* We may get stuck in a recursion loop if we let process_tcp_payload() call us. + * So, if the port in the URI is one we're registered for or we have set up a + * conversation (e.g., one we detected heuristically or via Decode-As) call the data + * dissector directly. + */ + if (value_is_in_range(http_tcp_range, uri_port) || (conv && conv->dissector_handle == http_handle)) { call_dissector(data_handle, tvb, pinfo, tree); } else { /* set pinfo->{src/dst port} and call the TCP sub-dissector lookup */ - if ( !ptr && value_is_in_range(http_tcp_range, pinfo->destport) ) + if (value_is_in_range(http_tcp_range, pinfo->destport)) ptr = &pinfo->destport; else ptr = &pinfo->srcport; @@ -1964,7 +1978,7 @@ http_payload_subdissector(tvbuff_t *tvb, proto_tree *tree, pinfo->can_desegment++; saved_port = *ptr; - *ptr = dissect_as; + *ptr = uri_port; decode_tcp_ports(tvb, 0, pinfo, tree, pinfo->srcport, pinfo->destport, NULL); *ptr = saved_port; |