diff options
| author | Anders Broman <anders.broman@ericsson.com> | 2012-04-18 11:12:15 +0000 |
|---|---|---|
| committer | Anders Broman <anders.broman@ericsson.com> | 2012-04-18 11:12:15 +0000 |
| commit | fec452c2b10a24b495d819d53e3524436f92a62b (patch) | |
| tree | 96c9a16ca1210b8029c84e800ce501e71f10a03f | |
| parent | 401a7109a84206c5ddc0b3ae866406229da0ac1f (diff) | |
Fix Bug 7119 ANSI MAP infinite loop.
Make conumed a guint16 to avoid wrapping add expert items.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119
svn path=/trunk/; revision=42129
| -rw-r--r-- | epan/dissectors/packet-ansi_a.c | 57 |
1 files changed, 34 insertions, 23 deletions
diff --git a/epan/dissectors/packet-ansi_a.c b/epan/dissectors/packet-ansi_a.c index c927a860b7..34124c2d6f 100644 --- a/epan/dissectors/packet-ansi_a.c +++ b/epan/dissectors/packet-ansi_a.c @@ -46,6 +46,7 @@ #include <epan/tap.h> #include <epan/strutil.h> #include <epan/emem.h> +#include <epan/expert.h> #include "packet-rtp.h" #include "packet-bssap.h" @@ -919,6 +920,16 @@ ansi_a_so_int_to_str( curr_offset += ((edc_len) - (edc_max_len)); \ } +#define EXTRANEOUS_DATA_CHECK_EXPERT(edc_len, edc_max_len) \ + if ((edc_len) > (edc_max_len)) \ + { \ + proto_item *expert_item; \ + expert_item = proto_tree_add_text(tree, tvb, \ + curr_offset, (edc_len) - (edc_max_len), "Extraneous Data, dissector bug or later version spec(report to wireshark.org)"); \ + expert_add_info_format(pinfo, expert_item, PI_PROTOCOL, PI_NOTE, "Extraneous Data, dissector bug or later version spec(report to wireshark.org)"); \ + curr_offset += ((edc_len) - (edc_max_len)); \ + } + #define SHORT_DATA_CHECK(sdc_len, sdc_min_len) \ if ((sdc_len) < (sdc_min_len)) \ { \ @@ -2734,7 +2745,7 @@ static guint8 elem_cell_id_list(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint32 offset, guint len, gchar *add_string, int string_len) { guint8 oct; - guint8 consumed; + guint16 consumed; guint8 num_cells; guint32 curr_offset; proto_item *item = NULL; @@ -2953,7 +2964,7 @@ elem_downlink_re_aux(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len, { guint8 oct; guint8 disc; - guint8 consumed; + guint16 consumed; guint8 num_cells; guint8 curr_cell; guint32 value; @@ -3081,7 +3092,7 @@ elem_downlink_re(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint3 static guint8 elem_downlink_re_list(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint32 offset, guint len, gchar *add_string, int string_len) { - guint8 consumed; + guint16 consumed; guint8 num_envs; guint8 oct_len; guint32 curr_offset; @@ -3203,7 +3214,7 @@ static guint8 elem_ho_pow_lev(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint32 offset, guint len, gchar *add_string, int string_len) { guint8 oct; - guint8 consumed; + guint16 consumed; guint8 num_cells; proto_item *item = NULL; proto_tree *subtree = NULL; @@ -5805,7 +5816,7 @@ elem_is2000_scr(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint32 } } - EXTRANEOUS_DATA_CHECK(len, curr_offset - offset); + EXTRANEOUS_DATA_CHECK_EXPERT(len, curr_offset - offset); return(curr_offset - offset); } @@ -8688,11 +8699,11 @@ static guint8 (*elem_1_fcn[])(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre /* * Type Length Value (TLV) element dissector */ -static guint8 +static guint16 elem_tlv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, elem_idx_t idx, guint32 offset, guint len _U_, const gchar *name_add) { guint8 oct, parm_len; - guint8 consumed; + guint16 consumed; guint32 curr_offset; proto_tree *subtree; proto_item *item; @@ -8770,11 +8781,11 @@ elem_tlv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, elem_idx_t idx, gu * Length cannot be used in these functions, big problem if a element dissector * is not defined for these. */ -static guint8 +static guint16 elem_tv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, elem_idx_t idx, guint32 offset, const gchar *name_add) { guint8 oct; - guint8 consumed; + guint16 consumed; guint32 curr_offset; proto_tree *subtree; proto_item *item; @@ -8847,12 +8858,12 @@ elem_tv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, elem_idx_t idx, gui * Length cannot be used in these functions, big problem if a element dissector * is not defined for these. */ -static guint8 +static guint16 elem_t(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, elem_idx_t idx, guint32 offset, const gchar *name_add) { guint8 oct; guint32 curr_offset; - guint8 consumed; + guint16 consumed; curr_offset = offset; @@ -8882,11 +8893,11 @@ elem_t(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, elem_idx_t idx, /* * Length Value (LV) element dissector */ -static guint8 +static guint16 elem_lv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, elem_idx_t idx, guint32 offset, guint len _U_, const gchar *name_add) { guint8 parm_len; - guint8 consumed; + guint16 consumed; guint32 curr_offset; proto_tree *subtree; proto_item *item; @@ -8954,10 +8965,10 @@ elem_lv(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, elem_idx_t idx, gui * Length cannot be used in these functions, big problem if a element dissector * is not defined for these. */ -static guint8 +static guint16 elem_v(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, elem_idx_t idx, guint32 offset) { - guint8 consumed; + guint16 consumed; guint32 curr_offset; gint dec_idx; @@ -9100,7 +9111,7 @@ elem_v(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, elem_idx_t idx, guin static void bsmap_cl3_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint len) { - guint8 consumed; + guint16 consumed; guint32 curr_offset; guint curr_len; @@ -9457,7 +9468,7 @@ dtap_srvc_release_complete(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, static void bsmap_ass_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint len) { - guint8 consumed; + guint16 consumed; guint32 curr_offset; guint curr_len; @@ -9510,7 +9521,7 @@ bsmap_ass_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offse static void bsmap_ass_complete(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint len) { - guint8 consumed; + guint16 consumed; guint32 curr_offset; guint curr_len; @@ -9545,7 +9556,7 @@ bsmap_ass_complete(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 static void bsmap_ass_failure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint len) { - guint8 consumed; + guint16 consumed; guint32 curr_offset; guint curr_len; @@ -9565,7 +9576,7 @@ bsmap_ass_failure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 o static void bsmap_clr_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint len) { - guint8 consumed; + guint16 consumed; guint32 curr_offset; guint curr_len; @@ -9585,7 +9596,7 @@ bsmap_clr_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offse static void bsmap_clr_command(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint len) { - guint8 consumed; + guint16 consumed; guint32 curr_offset; guint curr_len; @@ -9605,7 +9616,7 @@ bsmap_clr_command(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 o static void bsmap_clr_complete(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint len) { - guint8 consumed; + guint16 consumed; guint32 curr_offset; guint curr_len; @@ -11623,7 +11634,7 @@ dissect_cdma2000_a1_elements(tvbuff_t *tvb, _U_ packet_info *pinfo, proto_tree * } } - EXTRANEOUS_DATA_CHECK(curr_len, 0); + EXTRANEOUS_DATA_CHECK_EXPERT(curr_len, 0); } /* GENERIC DISSECTOR FUNCTIONS */ |