diff options
author | Peter Wu <peter@lekensteyn.nl> | 2017-04-18 16:28:52 +0200 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-04-18 20:57:41 +0000 |
commit | 870b3d2c0f46addafb6a7dab4278de48edc33535 (patch) | |
tree | 3f6b707a57d060fec617bc110cd91ffb5df9979f /epan/dissectors/packet-netflow.c | |
parent | 31b7e165c8d31fc3f074017261410255f9a1b225 (diff) |
netflow: fix undefined shift
Treat any prefix length larger than 32 as 32 (effectively not masking
anything) and treat a zero-length prefix as the empty mask (matching
anything).
Change-Id: If96b03c2f76ff7624d50fefdf0b025ab373c07dc
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1152
Bug: 13607
Reviewed-on: https://code.wireshark.org/review/21189
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-netflow.c')
-rw-r--r-- | epan/dissectors/packet-netflow.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/epan/dissectors/packet-netflow.c b/epan/dissectors/packet-netflow.c index 797cca7ec7..d5e35cf29f 100644 --- a/epan/dissectors/packet-netflow.c +++ b/epan/dissectors/packet-netflow.c @@ -2288,7 +2288,7 @@ static int dissect_v9_v10_options_template(tvbuff_t *tvb, packet_info *pinf static int dissect_v9_v10_data_template(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pdutree, int offset, int len, hdrinfo_t *hdrinfo_p, guint16 flowset_id); -static const gchar *getprefix(const guint32 *address, int prefix); +static const gchar *getprefix(const guint32 *address, unsigned prefix); static int flow_process_ints(proto_tree *pdutree, tvbuff_t *tvb, int offset); @@ -7709,12 +7709,18 @@ dissect_pdu(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *pdutree, int offs } static const gchar * -getprefix(const guint32 *addr, int prefix) +getprefix(const guint32 *addr, unsigned prefix) { guint32 gprefix; address prefix_addr; - gprefix = *addr & g_htonl((0xffffffff << (32 - prefix))); + if (prefix == 0) { + gprefix = 0; + } else if (prefix < 32) { + gprefix = *addr & g_htonl((0xffffffff << (32 - prefix))); + } else { + gprefix = *addr; + } set_address(&prefix_addr, AT_IPv4, 4, &gprefix); return address_to_str(wmem_packet_scope(), &prefix_addr); |