authorMartin Kaiser <wireshark@kaiser.cx>2013-12-23 09:42:10 +0000
committerMartin Kaiser <wireshark@kaiser.cx>2013-12-23 09:42:10 +0000
commit0566944f171a6ad7afe11c67c29e37a54761a761 (patch)
treed89837f90636d97b5583f4650224bbe6289c8251 /epan/dissectors/packet-http2.c
parenteb3ff1396fbda59351b88872ea137d2b066b5b91 (diff)
correct http2 detection
Check the input tvb's length before doing tvb_get_guint8(tvb,2): reject a short packet, don't throw an exception.
svn path=/trunk/; revision=54376
Diffstat (limited to 'epan/dissectors/packet-http2.c')
-rw-r--r--epan/dissectors/packet-http2.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/epan/dissectors/packet-http2.c b/epan/dissectors/packet-http2.c
index db99a70e2b..514f6ce1cc 100644
--- a/epan/dissectors/packet-http2.c
+++ b/epan/dissectors/packet-http2.c
@@ -612,9 +612,12 @@ dissect_http2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
static gboolean
dissect_http2_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
- /* Check there is Magic Hello ( PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n ) or type is > 10 (May be leak) */
- if (tvb_memeql(tvb, 0, kMagicHello, MAGIC_FRAME_LENGTH) != 0 && tvb_get_guint8(tvb, 2) > 10)
- return (FALSE);
+ if (tvb_memeql(tvb, 0, kMagicHello, MAGIC_FRAME_LENGTH) != 0) {
+ /* we couldn't find the Magic Hello (PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n)
+ see if there's a valid frame type (0-10 are defined at the moment) */
+ if (tvb_reported_length(tvb)<2 || tvb_get_guint8(tvb, 2)>10)
+ return (FALSE);
+ }
dissect_http2(tvb, pinfo, tree, data);
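Review bot: The length guard added in dissect_http2_heur is off by one: `tvb_get_guint8(tvb, 2)` reads the third byte, but `tvb_reported_length(tvb)<2` still lets a 2-byte tvb through, so that read can raise the bounds exception this commit set out to avoid. The accessor is also limited by the captured data rather than the reported length, so a capture truncated below three bytes can fail the same way even when the reported length is larger. I would compare the captured length against 3, e.g. `if (tvb_length(tvb) < 3 || tvb_get_guint8(tvb, 2) > 10)` (`tvb_captured_length` in later API versions). The remainder of the function body lies outside the hunk.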