From fb1e26fe6a6d333572cd7d448c6a9c58fd81dbd0 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Thu, 17 Jan 2002 06:29:20 +0000 Subject: Use the "fragmented" field of the "packet_info" structure in "dissect_frame()" to indicate whether a ReportedBoundsError was due to the packet being malformed (i.e., the packet was shorter than it's supposed to be, so the dissector went past the end trying to extract fields that were supposed to be there) or due to it not being reassembled (i.e., the packet was fragmented, and we didn't reassemble it, but just treated the first fragment as the entire packet, so the dissector went past the end trying to extract fields that were partially or completely in fragments after that). Mark the latter as being unreasembled rather than malformed. Properly initialize, save, and restore that field, and properly set it, so that works. svn path=/trunk/; revision=4555 --- epan/packet.c | 5 +++-- packet-clnp.c | 14 ++++++++++---- packet-frame.c | 39 ++++++++++++++++++++++++++++++++------- packet-ip.c | 8 ++++++-- packet-ipv6.c | 6 +++++- packet-smb-pipe.c | 6 +++++- packet-smb.c | 40 +++++++++++++++++++++++++--------------- packet-wtp.c | 5 ++++- 8 files changed, 90 insertions(+), 33 deletions(-) diff --git a/epan/packet.c b/epan/packet.c index 2d240d166f..4389353a86 100644 --- a/epan/packet.c +++ b/epan/packet.c @@ -1,7 +1,7 @@ /* packet.c * Routines for packet disassembly * - * $Id: packet.c,v 1.56 2002/01/05 04:12:16 gram Exp $ + * $Id: packet.c,v 1.57 2002/01/17 06:29:20 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -194,9 +194,10 @@ dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header, edt->pi.net_dst.type = AT_NONE; edt->pi.src.type = AT_NONE; edt->pi.dst.type = AT_NONE; - edt->pi.ethertype = 0; + edt->pi.ethertype = 0; edt->pi.ipproto = 0; edt->pi.ipxptype = 0; + edt->pi.fragmented = FALSE; edt->pi.in_error_pkt = FALSE; edt->pi.ptype = PT_NONE; edt->pi.srcport = 0; 
diff --git a/packet-clnp.c b/packet-clnp.c index 6eb70a489d..ac1cc1ca23 100644 --- a/packet-clnp.c +++ b/packet-clnp.c @@ -1,7 +1,7 @@ /* packet-clnp.c * Routines for ISO/OSI network and transport protocol packet disassembly * - * $Id: packet-clnp.c,v 1.44 2002/01/10 11:27:56 guy Exp $ + * $Id: packet-clnp.c,v 1.45 2002/01/17 06:29:16 guy Exp $ * Laurent Deniel * Ralf Schneider * @@ -1596,7 +1596,8 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) gboolean save_in_error_pkt; fragment_data *fd_head; tvbuff_t *volatile next_tvb; - gboolean update_col_info = TRUE; + gboolean update_col_info = TRUE; + gboolean save_fragmented; if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, "CLNP"); @@ -1822,6 +1823,7 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* If clnp_reassemble is on and this is a segment, then just add the segment * to the hashtable. */ + save_fragmented = pinfo->fragmented; if (clnp_reassemble && (cnf_type & CNF_SEG_OK) && ((cnf_type & CNF_MORE_SEGS) || segment_offset != 0)) { /* We're reassembling, and this is part of a segmented datagram. @@ -1962,6 +1964,7 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* As we haven't reassembled anything, we haven't changed "pi", so we don't have to restore it. */ call_dissector(data_handle,tvb_new_subset(tvb, offset,-1,tvb_reported_length_remaining(tvb,offset)), pinfo, tree); + pinfo->fragmented = save_fragmented; return; } @@ -1975,8 +1978,10 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) PDU, skip that? */ if (nsel == (char)tp_nsap_selector || always_decode_transport) { - if (dissect_ositp_internal(next_tvb, pinfo, tree, FALSE)) + if (dissect_ositp_internal(next_tvb, pinfo, tree, FALSE)) { + pinfo->fragmented = save_fragmented; return; /* yes, it appears to be COTP or CLTP */ + } } break; 
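Review bot: The restores of `pinfo->fragmented` added at the exits of dissect_clnp are skipped when a subdissector throws, and nothing near the save at `save_fragmented = pinfo->fragmented;` says that this is intended. The handler this commit adds in dissect_frame() reads the flag after the unwind, so the classification depends on the flag not being restored on that path. A comment at the save, such as `/* Restored only on normal return; on an exception dissect_frame() must still see the value we set. */`, would keep a later cleanup from breaking it. The same applies to the save/restore pairs in dissect_ip, dissect_ipv6, dissect_pipe_dcerpc, dissect_wtp_common and the two SMB transaction response dissectors. The function body starts and ends outside this hunk, so any return path between the save and the end that is not shown would also need the restore.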
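Review bot: The context comment in the `@@ -1962` hunk still says that "pi" was not changed and does not have to be restored, yet the line added right after the following call_dissector() restores `pinfo->fragmented`. The comment should be brought in line with the new code, for example `/* We haven't reassembled anything, so the only field of "pinfo" that may need restoring is "fragmented". */`. That wording assumes no other field is modified on this path, which the hunk does not show. The `@@ -946` hunk of packet-ipv6.c has the same comment directly above its added restore.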
@@ -2043,6 +2048,7 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) pinfo->dst = save_dst; } } + pinfo->fragmented = save_fragmented; return; /* we're done with this PDU */ case ERQ_NPDU: @@ -2054,7 +2060,7 @@ static void dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (check_col(pinfo->cinfo, COL_INFO)) col_add_fstr(pinfo->cinfo, COL_INFO, "%s NPDU %s", pdu_type_string, flag_string); call_dissector(data_handle,next_tvb, pinfo, tree); - + pinfo->fragmented = save_fragmented; } /* dissect_clnp */ static void diff --git a/packet-frame.c b/packet-frame.c index 951844a2a2..c95a2823c6 100644 --- a/packet-frame.c +++ b/packet-frame.c @@ -2,7 +2,7 @@ * * Top-most dissector. Decides dissector based on Wiretap Encapsulation Type. * - * $Id: packet-frame.c,v 1.17 2002/01/08 07:17:55 guy Exp $ + * $Id: packet-frame.c,v 1.18 2002/01/17 06:29:16 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -45,6 +45,7 @@ static int hf_frame_p2p_dir = -1; static int hf_frame_file_off = -1; static int proto_short = -1; int proto_malformed = -1; +static int proto_unreassembled = -1; static gint ett_frame = -1; 
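Review bot: `proto_unreassembled` is declared `static` in the `@@ -45` hunk of packet-frame.c while `proto_malformed` just above it is not, so only code in this file can report the new indication. If `proto_malformed` is non-static because other dissectors catch ReportedBoundsError themselves and report it (not visible here), those handlers will keep labelling unreassembled fragments as malformed. Either export the new id alongside it, or add a comment such as `/* file-local: only dissect_frame() distinguishes unreassembled from malformed */` so the asymmetry reads as deliberate.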
@@ -157,10 +158,29 @@ dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) "[Short Frame: %s]", pinfo->current_proto ); } CATCH(ReportedBoundsError) { - if (check_col(pinfo->cinfo, COL_INFO)) - col_append_str(pinfo->cinfo, COL_INFO, "[Malformed Packet]"); - proto_tree_add_protocol_format(tree, proto_malformed, tvb, 0, 0, - "[Malformed Packet: %s]", pinfo->current_proto ); + if (pinfo->fragmented) { + /* + * We were dissecting an unreassembled fragmented + * packet when the exception was thrown, so the + * problem isn't that the dissector expected + * something but it wasn't in the packet, the + * problem is that the dissector expected something + * but it wasn't in the fragment we dissected. + */ + if (check_col(pinfo->cinfo, COL_INFO)) + col_append_str(pinfo->cinfo, COL_INFO, + "[Unreassembled Fragmented Packet]"); + proto_tree_add_protocol_format(tree, proto_unreassembled, + tvb, 0, 0, "[Unreassembled Fragmented Packet: %s]", + pinfo->current_proto ); + } else { + if (check_col(pinfo->cinfo, COL_INFO)) + col_append_str(pinfo->cinfo, COL_INFO, + "[Malformed Packet]"); + proto_tree_add_protocol_format(tree, proto_malformed, + tvb, 0, 0, "[Malformed Packet: %s]", + pinfo->current_proto ); + } } ENDTRY; } 
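Review bot: With this branch, every ReportedBoundsError raised while `pinfo->fragmented` is set is reported as `[Unreassembled Fragmented Packet]`, including the case where the fragment being dissected is itself malformed, and the added comment does not mention that. Anyone triaging a capture with a display filter on `malformed` will no longer see these frames and needs to match `unreassembled` as well. I would extend the comment with something like `/* This cannot tell a truncated fragment from a malformed one; both are reported as unreassembled. */`. The two branches differ only in the protocol id and the label, so they could share one pair of calls, but that is cosmetic. dissect_frame's body starts outside the hunk.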
@@ -224,11 +244,16 @@ proto_register_frame(void) proto_short = proto_register_protocol("Short Frame", "Short frame", "short"); proto_malformed = proto_register_protocol("Malformed Packet", "Malformed packet", "malformed"); + proto_unreassembled = proto_register_protocol( + "Unreassembled Fragmented Packet", + "Unreassembled fragmented packet", "unreassembled"); - /* "Short Frame" and "Malformed Packet" aren't really protocols, - they're error indications; disabling them makes no sense. */ + /* "Short Frame", "Malformed Packet", and "Unreassembled Fragmented + Packet" aren't really protocols, they're error indications; + disabling them makes no sense. */ proto_set_cant_disable(proto_short); proto_set_cant_disable(proto_malformed); + proto_set_cant_disable(proto_unreassembled); /* Our preferences */ frame_module = prefs_register_protocol(proto_frame, NULL); diff --git a/packet-ip.c b/packet-ip.c index 8793e96323..27ba0f0bb2 100644 --- a/packet-ip.c +++ b/packet-ip.c @@ -1,7 +1,7 @@ /* packet-ip.c * Routines for IP and miscellaneous IP protocol packet disassembly * - * $Id: packet-ip.c,v 1.155 2002/01/10 11:27:56 guy Exp $ + * $Id: packet-ip.c,v 1.156 2002/01/17 06:29:16 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -822,7 +822,8 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint16 ipsum; fragment_data *ipfd_head; tvbuff_t *next_tvb; - gboolean update_col_info = TRUE; + gboolean update_col_info = TRUE; + gboolean save_fragmented; if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, "IP"); @@ -968,6 +969,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* If ip_defragment is on and this is a fragment, then just add the fragment * to the hashtable. */ + save_fragmented = pinfo->fragmented; if (ip_defragment && (iph.ip_off & (IP_MF|IP_OFFSET))) { /* We're reassembling, and this is part of a fragmented datagram. Add the fragment to the hash table if the checksum is ok 
@@ -1105,6 +1107,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) col_add_fstr(pinfo->cinfo, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%u)", ipprotostr(iph.ip_p), iph.ip_p, (iph.ip_off & IP_OFFSET) * 8); call_dissector(data_handle,tvb_new_subset(tvb, offset,-1,tvb_reported_length_remaining(tvb,offset)), pinfo, tree); + pinfo->fragmented = save_fragmented; return; } @@ -1123,6 +1126,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } call_dissector(data_handle,next_tvb, pinfo, tree); } + pinfo->fragmented = save_fragmented; } #define ICMP_MIP_EXTENSION_PAD 0 diff --git a/packet-ipv6.c b/packet-ipv6.c index 42c15a9d94..563f0d60be 100644 --- a/packet-ipv6.c +++ b/packet-ipv6.c @@ -1,7 +1,7 @@ /* packet-ipv6.c * Routines for IPv6 packet disassembly * - * $Id: packet-ipv6.c,v 1.72 2002/01/10 11:27:56 guy Exp $ + * $Id: packet-ipv6.c,v 1.73 2002/01/17 06:29:16 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -657,6 +657,7 @@ dissect_ipv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) fragment_data *ipfd_head; tvbuff_t *next_tvb; gboolean update_col_info = TRUE; + gboolean save_fragmented; struct ip6_hdr ipv6; @@ -809,6 +810,7 @@ again: /* If ipv6_reassemble is on and this is a fragment, then just add the fragment * to the hashtable. */ + save_fragmented = pinfo->fragmented; if (ipv6_reassemble && frag) { /* We're reassembling, and this is part of a fragmented datagram. Add the fragment to the hash table if the frame isn't truncated. */ @@ -946,6 +948,7 @@ again: /* As we haven't reassembled anything, we haven't changed "pi", so we don't have to restore it. */ + pinfo->fragmented = save_fragmented; return; } @@ -956,6 +959,7 @@ again: col_add_fstr(pinfo->cinfo, COL_INFO, "%s (0x%02x)", ipprotostr(nxt),nxt); call_dissector(data_handle,next_tvb, pinfo, tree); } + pinfo->fragmented = save_fragmented; } static void 
diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c index 26445ae704..450d464542 100644 --- a/packet-smb-pipe.c +++ b/packet-smb-pipe.c @@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets * significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and * Guy Harris 2001 * - * $Id: packet-smb-pipe.c,v 1.63 2002/01/15 10:01:20 guy Exp $ + * $Id: packet-smb-pipe.c,v 1.64 2002/01/17 06:29:16 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -2540,6 +2540,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree dcerpc_private_info dcerpc_priv; smb_info_t *smb_priv = (smb_info_t *)pinfo->private_data; gboolean result; + gboolean save_fragmented; dcerpc_priv.transport_type = DCERPC_TRANSPORT_SMB; dcerpc_priv.data.smb.fid = fid; @@ -2554,6 +2555,8 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree pinfo->can_desegment=2; } + save_fragmented = pinfo->fragmented; + /* see if this packet is already desegmented */ if(smb_dcerpc_reassembly && pinfo->fd->flags.visited){ fragment_data *fd_head; @@ -2616,6 +2619,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree if (!result) call_dissector(data_handle, d_tvb, pinfo, parent_tree); + pinfo->fragmented = save_fragmented; return TRUE; } diff --git a/packet-smb.c b/packet-smb.c index aaa628cf99..94d0cbd64a 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -3,7 +3,7 @@ * Copyright 1999, Richard Sharpe * 2001 Rewrite by Ronnie Sahlberg and Guy Harris * - * $Id: packet-smb.c,v 1.194 2002/01/15 10:01:20 guy Exp $ + * $Id: packet-smb.c,v 1.195 2002/01/17 06:29:16 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -7437,6 +7437,7 @@ dissect_nt_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t int padcnt; fragment_data *r_fd = NULL; tvbuff_t *pd_tvb=NULL; + gboolean save_fragmented; si = (smb_info_t *)pinfo->private_data; if (si->sip != NULL) 
@@ -7522,12 +7523,15 @@ dissect_nt_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t In this section we do reassembly of both the data and parameters blocks of the SMB transaction command. */ - if(smb_trans_reassembly){ - /* do we need reassembly? */ - if( (td&&(td!=dc)) || (tp&&(tp!=pc)) ){ - /* oh yeah, either data or parameter section needs - reassembly - */ + save_fragmented = pinfo->fragmented; + /* do we need reassembly? */ + if( (td&&(td!=dc)) || (tp&&(tp!=pc)) ){ + /* oh yeah, either data or parameter section needs + reassembly... + */ + pinfo->fragmented = TRUE; + if(smb_trans_reassembly){ + /* ...and we were told to do reassembly */ if(pc && ((unsigned int)tvb_length_remaining(tvb, po)>=pc) ){ r_fd = smb_trans_defragment(tree, pinfo, tvb, po, pc, pd, td+tp); @@ -7540,8 +7544,8 @@ dissect_nt_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t } } - /* if we got a reassembled fd structure from the reassembly routine we must - create pd_tvb from it + /* if we got a reassembled fd structure from the reassembly routine we + must create pd_tvb from it */ if(r_fd){ proto_tree *tr; @@ -7603,6 +7607,7 @@ dissect_nt_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t COUNT_BYTES(dc); } } + pinfo->fragmented = save_fragmented; END_OF_SMB @@ -11184,6 +11189,7 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree fragment_data *r_fd = NULL; tvbuff_t *pd_tvb=NULL, *d_tvb=NULL, *p_tvb=NULL; tvbuff_t *s_tvb=NULL, *sp_tvb=NULL; + gboolean save_fragmented; si = (smb_info_t *)pinfo->private_data; 
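Review bot: `pinfo->fragmented = TRUE;` is set in the `@@ -7522` hunk whenever the total and per-message counts differ, and nothing in this hunk or the `@@ -7540` hunk clears it when smb_trans_defragment() hands back a completed `r_fd`. If the code outside the hunks does not clear it either, a bounds error raised while dissecting the fully reassembled parameter/data block would be reported as an unreassembled fragment instead of a malformed packet. Clearing the flag at the top of the `if(r_fd){` block with `pinfo->fragmented = FALSE;` would keep the malformed indication for reassembled payloads. The `@@ -11309` hunk in dissect_transaction_response has the same shape, and both function bodies extend beyond their hunks.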
@@ -11309,12 +11315,15 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree In this section we do reassembly of both the data and parameters blocks of the SMB transaction command. */ - if(smb_trans_reassembly){ - /* do we need reassembly? */ - if( (td!=dc) || (tp!=pc) ){ - /* oh yeah, either data or parameter section needs - reassembly - */ + save_fragmented = pinfo->fragmented; + /* do we need reassembly? */ + if( (td!=dc) || (tp!=pc) ){ + /* oh yeah, either data or parameter section needs + reassembly + */ + pinfo->fragmented = TRUE; + if(smb_trans_reassembly){ + /* ...and we were told to do reassembly */ if(pc && (tvb_length_remaining(tvb, po)>=pc) ){ r_fd = smb_trans_defragment(tree, pinfo, tvb, po, pc, pd, td+tp); @@ -11492,6 +11501,7 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree } } + pinfo->fragmented = save_fragmented; END_OF_SMB return offset; diff --git a/packet-wtp.c b/packet-wtp.c index 88c955ee1b..3fd9078f36 100644 --- a/packet-wtp.c +++ b/packet-wtp.c @@ -2,7 +2,7 @@ * * Routines to dissect WTP component of WAP traffic. * - * $Id: packet-wtp.c,v 1.24 2002/01/04 20:20:08 guy Exp $ + * $Id: packet-wtp.c,v 1.25 2002/01/17 06:29:17 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -510,10 +510,12 @@ dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int dataOffset = offCur + cbHeader + vHeader; guint32 dataLen = tvb_length_remaining(tvb, offCur + cbHeader + vHeader); + gboolean save_fragmented; if ((pdut == SEGMENTED_INVOKE) || (pdut == SEGMENTED_RESULT) || (((pdut == INVOKE) || (pdut == RESULT)) && (!fTTR))) /* 1st part of segment */ { + save_fragmented = pinfo->fragmented; pinfo->fragmented = TRUE; fd_head = fragment_add_seq(tvb, dataOffset, pinfo, TID, wtp_fragment_table, psn, dataLen, !fTTR); 
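Review bot: In the `@@ -510` hunk of packet-wtp.c, `save_fragmented` is declared without an initializer at the top of the enclosing block but assigned only inside the first-segment branch, while the restore arrives in the following hunk. From the visible braces the restore appears to sit in the same branch, though the indentation needed to confirm that is not preserved here; if it ever ends up outside that branch it would read an indeterminate value. Declaring the variable at the top of the branch that saves it, or initialising it at the declaration with `gboolean save_fragmented = pinfo->fragmented;`, removes that dependency.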
@@ -533,6 +535,7 @@ dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (check_col(pinfo->cinfo, COL_INFO)) /* Won't call WSP so display */ col_append_str(pinfo->cinfo, COL_INFO, szInfo ); } + pinfo->fragmented = save_fragmented; } else /* Normal packet, call next dissector */ { -- cgit v1.2.3