diff options
| author | wmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7> | 2009-08-10 18:45:47 +0000 |
|---|---|---|
| committer | wmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7> | 2009-08-10 18:45:47 +0000 |
| commit | e2a00aec3aa2bcdc432ca2768f99f03f7ae0b8f2 (patch) | |
| tree | 07c75e0b739ffe3ee255beb79b53de8679946670 /epan/dissectors/packet-redbackli.c | |
| parent | 524dc1ad280ab4bb8676166e64a5a58e2022e1e0 (diff) | |
(Quick) fix for bug #3836;
Allow the DIR ("direction") AVP to be of variable length
(in the absence of any documentation for this protocol).
See the source for further comments.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29367 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-redbackli.c')
| -rw-r--r-- | epan/dissectors/packet-redbackli.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/epan/dissectors/packet-redbackli.c b/epan/dissectors/packet-redbackli.c index 18152389e9..88070b02b6 100644 --- a/epan/dissectors/packet-redbackli.c +++ b/epan/dissectors/packet-redbackli.c @@ -91,6 +91,12 @@ redbackli_dissect_avp(guint8 avptype, guint8 avplen, tvbuff_t *tvb, gint offset, if (!avplen) return; + /* XXX: ToDo: Validate the length (avplen) of the fixed length fields + before calling proto_tree_add_item(). + Note that the field lengths have been validated when + dissect_avp() is called from redbackli_dissect_heur(). + */ + switch(avptype) { case(RB_AVP_SEQNO): proto_tree_add_item(st, hf_redbackli_seqno, tvb, @@ -150,11 +156,11 @@ redbackli_dissect(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) len=tvb_length(tvb); offset=0; eoh=FALSE; - while(!eoh && len > 2) { + while(!eoh && (len > 2)) { avptype = tvb_get_guint8(tvb, offset+0); avplen = tvb_get_guint8(tvb, offset+1); - if (len < avplen+2) /* AVP Complete ? */ + if ((len-2) < avplen) /* AVP Complete ? */ break; if (tree) @@ -194,7 +200,7 @@ redbackli_dissect_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * long .. Unknown AVPs also mean not for us ... * */ - while(len > 2 && !eoh) { + while((len > 2) && !eoh) { avptype = tvb_get_guint8(tvb, offset+0); avplen = tvb_get_guint8(tvb, offset+1); @@ -212,7 +218,7 @@ redbackli_dissect_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) eoh=TRUE; break; case(RB_AVP_LABEL): - case(RB_AVP_DIR): + case(RB_AVP_DIR): /* Is this correct? the hf_ originally had FT_UINT8 for DIR */ case(RB_AVP_ACCTID): break; default: @@ -245,7 +251,12 @@ void proto_register_redbackli(void) { { "Session Id", "redbackli.sessid", FT_UINT32, BASE_DEC, NULL, 0x0, "Session Identifier", HFILL }}, { &hf_redbackli_dir, +#if 0 /* XXX: If one goes by the heuristic then this field can be variable length ?? + In the absence of any documentation We'll assume that's the case + (even though 'direction' sounds like a fixed length field */ { "Direction", "redbackli.dir", FT_UINT8, BASE_DEC, NULL, 0x0, +#endif + { "Direction", "redbackli.dir", FT_BYTES, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_redbackli_label, { "Label", "redbackli.label", FT_STRING, BASE_NONE, NULL, 0x0, |