diff options
author | Guy Harris <guy@alum.mit.edu> | 2016-07-04 16:22:11 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2016-07-04 23:23:05 +0000 |
commit | 6e913894709c3fe1f75e1750ee2f18c6b69aefd2 (patch) | |
tree | e0f9f72ee3187f9a276200f3bf6437059d8c0e11 | |
parent | 240f60577d16022a3728af926d0c03634c23862a (diff) |
Add a length check.
Make sure the LBMR TNWG Interest record's length is at least the size of
a minimum-length LBMR TNWG Interest record.
Hopefully this will fix the real problem about which CID 1363025 is
complaining.
Change-Id: I60d94a054ec1ba4fb32b0cdd361995a584fe74a6
Reviewed-on: https://code.wireshark.org/review/16296
Reviewed-by: Guy Harris <guy@alum.mit.edu>
-rw-r--r-- | epan/dissectors/packet-lbmr.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/epan/dissectors/packet-lbmr.c b/epan/dissectors/packet-lbmr.c index f112f7e2b6..d22199fd6b 100644 --- a/epan/dissectors/packet-lbmr.c +++ b/epan/dissectors/packet-lbmr.c @@ -3282,14 +3282,18 @@ static int dissect_lbmr_tnwg_interest_rec(tvbuff_t * tvb, int offset, packet_inf }; rec_len = tvb_get_ntohs(tvb, offset + O_LBMR_TNWG_INTEREST_REC_T_LEN); - string_len = rec_len - L_LBMR_TNWG_INTEREST_REC_T; rec_item = proto_tree_add_item(tree, hf_lbmr_tnwg_interest_rec, tvb, offset, rec_len, ENC_NA); rec_tree = proto_item_add_subtree(rec_item, ett_lbmr_tnwg_interest_rec); proto_tree_add_item(rec_tree, hf_lbmr_tnwg_interest_rec_len, tvb, offset + O_LBMR_TNWG_INTEREST_REC_T_LEN, L_LBMR_TNWG_INTEREST_REC_T_LEN, ENC_BIG_ENDIAN); + if (rec_len < L_LBMR_TNWG_INTEREST_REC_T) { + /* XXX - report an error */ + return ((int)rec_len); + } proto_tree_add_bitmask(rec_tree, tvb, offset + O_LBMR_TNWG_INTEREST_REC_T_FLAGS, hf_lbmr_tnwg_interest_rec_flags, ett_lbmr_tnwg_interest_rec_flags, flags, ENC_BIG_ENDIAN); proto_tree_add_item(rec_tree, hf_lbmr_tnwg_interest_rec_pattype, tvb, offset + O_LBMR_TNWG_INTEREST_REC_T_PATTYPE, L_LBMR_TNWG_INTEREST_REC_T_PATTYPE, ENC_BIG_ENDIAN); proto_tree_add_item(rec_tree, hf_lbmr_tnwg_interest_rec_domain_id, tvb, offset + O_LBMR_TNWG_INTEREST_REC_T_DOMAIN_ID, L_LBMR_TNWG_INTEREST_REC_T_DOMAIN_ID, ENC_BIG_ENDIAN); + string_len = rec_len - L_LBMR_TNWG_INTEREST_REC_T; proto_tree_add_item(rec_tree, hf_lbmr_tnwg_interest_rec_symbol, tvb, offset + L_LBMR_TNWG_INTEREST_REC_T, string_len, ENC_ASCII|ENC_NA); return ((int)rec_len); } |