diff options
author | Martin Kaiser <wireshark@kaiser.cx> | 2013-12-23 09:42:10 +0000 |
---|---|---|
committer | Martin Kaiser <wireshark@kaiser.cx> | 2013-12-23 09:42:10 +0000 |
commit | 0566944f171a6ad7afe11c67c29e37a54761a761 (patch) | |
tree | d89837f90636d97b5583f4650224bbe6289c8251 /epan/dissectors/packet-http2.c | |
parent | eb3ff1396fbda59351b88872ea137d2b066b5b91 (diff) |
correct http2 detection
check the input tvb's length before doing tvb_get_guint8(tvb,2)
reject a short packet, don't throw an exception
svn path=/trunk/; revision=54376
Diffstat (limited to 'epan/dissectors/packet-http2.c')
-rw-r--r-- | epan/dissectors/packet-http2.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/epan/dissectors/packet-http2.c b/epan/dissectors/packet-http2.c index db99a70e2b..514f6ce1cc 100644 --- a/epan/dissectors/packet-http2.c +++ b/epan/dissectors/packet-http2.c @@ -612,9 +612,12 @@ dissect_http2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, static gboolean dissect_http2_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { - /* Check there is Magic Hello ( PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n ) or type is > 10 (May be leak) */ - if (tvb_memeql(tvb, 0, kMagicHello, MAGIC_FRAME_LENGTH) != 0 && tvb_get_guint8(tvb, 2) > 10) - return (FALSE); + if (tvb_memeql(tvb, 0, kMagicHello, MAGIC_FRAME_LENGTH) != 0) { + /* we couldn't find the Magic Hello (PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n) + see if there's a valid frame type (0-10 are defined at the moment) */ + if (tvb_reported_length(tvb)<2 || tvb_get_guint8(tvb, 2)>10) + return (FALSE); + } dissect_http2(tvb, pinfo, tree, data); |