author | Anders Broman <anders.broman@ericsson.com> | 2012-09-01 11:37:42 +0000 |
---|---|---|
committer | Anders Broman <anders.broman@ericsson.com> | 2012-09-01 11:37:42 +0000 |
commit | 4b6ad1d9d71e29f9d0a9ba3903593b6cb08884e9 (patch) | |
tree | 96775bea0c37f07bc3de739e0a5f0dce4f88bbaf | |
parent | c44a7fba0d98390e3ab05160d93f89db4f7c551b (diff) |
From Michael Mann:
length check "heuristics" for FF dissector (UDP + TCP)
"Fix" WTP+WSP packets incorrectly dissected as Foundation FieldBus packets https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4822
svn path=/trunk/; revision=44722
-rw-r--r-- | epan/dissectors/packet-ff.c | 53 |
1 files changed, 26 insertions, 27 deletions
diff --git a/epan/dissectors/packet-ff.c b/epan/dissectors/packet-ff.c index 9805c961b7..7f2577359f 100644 --- a/epan/dissectors/packet-ff.c +++ b/epan/dissectors/packet-ff.c @@ -12941,7 +12941,7 @@ dissect_ff_msg_hdr(tvbuff_t *tvb, -static void +static int dissect_ff(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *sub_tree = NULL; @@ -12956,14 +12956,19 @@ dissect_ff(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint32 trailer_len = 0; - col_set_str(pinfo->cinfo, COL_PROTOCOL, "FF"); - Options = tvb_get_guint8(tvb, 1); ProtocolAndType = tvb_get_guint8(tvb, 2); Service = tvb_get_guint8(tvb, 3); FDAAddress = tvb_get_ntohl(tvb, 4); length = tvb_get_ntohl(tvb, 8); + /* Make sure the length field is valid */ + if ((length > (guint32)tvb_reported_length_remaining(tvb, 0)) || + (length < 12)) + return 0; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FF"); + if(tree) { ti = proto_tree_add_item(tree, proto_ff, tvb, offset, length, ENC_NA); sub_tree = proto_item_add_subtree(ti, ett_ff); @@ -13012,7 +13017,7 @@ dissect_ff(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /*offset += trailer_len;*/ } - return; + return tvb_length(tvb); } @@ -13025,7 +13030,7 @@ get_ff_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset) -static void +static int dissect_ff_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { /* 
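Review bot: The new length check in dissect_ff runs only after the five `tvb_get_*` reads at offsets 1 through 11, so the rejection path still depends on 12 bytes being present in the capture. On the UDP path the only earlier guard (in dissect_ff_udp) compares `tvb_reported_length`, which can be larger than the captured data, so a snaplen-truncated datagram would raise a bounds exception here rather than return 0. Placing `if (!tvb_bytes_exist(tvb, 0, 12)) return 0;` ahead of the reads, as dissect_ff_tcp does, would keep the heuristic free of exceptions. The start of dissect_ff's body is outside this hunk.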
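Review bot: `return tvb_length(tvb);` at the end of dissect_ff reports the captured length of the whole buffer as consumed, although the check added earlier validates `length` against the reported length and allows it to be smaller than the buffer. Any bytes after the FF message are then claimed by this dissector without being dissected. Assuming callers treat the return value as the consumed byte count, `return (int)length;` looks closer to the intent. The body of dissect_ff begins outside this hunk.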
@@ -13044,36 +13049,30 @@ dissect_ff_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * */ + /* Make sure we at least have the header */ + if (!tvb_bytes_exist(tvb, 0, 12)) + return 0; + + /* Make sure the Message Length at least includes the header size */ + if (tvb_get_ntohl(tvb, 8) < 12) + return 0; + tcp_dissect_pdus(tvb, pinfo, tree, ff_desegment, 12, get_ff_pdu_len, dissect_ff); - return; + return tvb_length(tvb); } -static void +static int dissect_ff_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - conversation_t *conversation = NULL; - - if(pinfo->destport == UDP_PORT_FF_FMS) { - conversation = - find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, - PT_UDP, pinfo->srcport, 0, NO_PORT_B); - - if(!conversation || - (conversation->dissector_handle != ff_udp_handle)) { - - conversation = - conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, - PT_UDP, pinfo->srcport, 0, NO_PORT2); - - conversation_set_dissector(conversation, ff_udp_handle); - } - } + /* Make sure at least the header is there */ + if ((guint32)tvb_reported_length(tvb) < 12) + return 0; - dissect_ff(tvb, pinfo, tree); + return dissect_ff(tvb, pinfo, tree); } @@ -16809,8 +16808,8 @@ proto_reg_handoff_ff(void) /* * 4.8. Using UDP and TCP */ - ff_udp_handle = create_dissector_handle(dissect_ff_udp, proto_ff); - ff_tcp_handle = create_dissector_handle(dissect_ff_tcp, proto_ff); + ff_udp_handle = new_create_dissector_handle(dissect_ff_udp, proto_ff); + ff_tcp_handle = new_create_dissector_handle(dissect_ff_tcp, proto_ff); /* * 4.8.4.2. Use |
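Review bot: The `tvb_bytes_exist(tvb, 0, 12)` guard in dissect_ff_tcp returns 0 before `tcp_dissect_pdus` is reached, so a segment carrying fewer than 12 header bytes is rejected instead of being handed to the desegmentation code, which is passed the fixed length 12 presumably for that case. The Message Length at offset 8 is bounded only from below on this path, and the upper bound in dissect_ff applies after reassembly, so a non-FF stream with a large value in those four bytes can still make the dissector request a very large PDU. Consider an upper sanity limit such as `if (msg_len < 12 || msg_len > FF_MAX_PDU_LEN /* placeholder constant */) return 0;`, plus a comment stating why short segments are refused. Separately, dissect_ff_udp no longer registers a conversation, so replies sent to ports other than the registered ones may no longer be decoded as FF; it is worth confirming that this is intended.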