author | Pascal Quantin <pascal.quantin@gmail.com> | 2018-03-30 14:46:55 +0200 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2018-03-30 14:28:13 +0000 |
commit | 4f3c2837a59c7597c1736c83acfea18dcec26157 (patch) | |
tree | fa8b1c19246b9cbd5eccc83aa14e66ed5052d85b | |
parent | 4feb47dca259e8927ab6395fc8036638ec78747f (diff) |
SGsAP: fix decoding of Erroneous message IE
Let's indicate the right payload length.
While we are at it, let's catch bounds errors as the erroneous payload
might be malformed.
Change-Id: I360e8068f48e53cd5355f8c02b20d265df1fb2ff
Reviewed-on: https://code.wireshark.org/review/26689
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
-rw-r--r-- | epan/dissectors/packet-sgsap.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/epan/dissectors/packet-sgsap.c b/epan/dissectors/packet-sgsap.c
index 02587831ff..4873e9f29a 100644
--- a/epan/dissectors/packet-sgsap.c
+++ b/epan/dissectors/packet-sgsap.c
@@ -17,6 +17,8 @@
 #include <epan/packet.h>
 #include <epan/prefs.h>
 #include <epan/expert.h>
+#include <epan/exceptions.h>
+#include <epan/show_exception.h>
 #include "packet-gsm_a_common.h"
 #include "packet-e212.h"
@@ -120,7 +122,7 @@ de_sgsap_eps_loc_upd_type(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo _U
 * See subclause 18.4.5 in 3GPP TS 29.018 [16].
 */
 static guint16
-de_sgsap_err_msg(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo _U_, guint32 offset, guint len _U_, gchar *add_string , int string_len)
+de_sgsap_err_msg(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint32 offset, guint len, gchar *add_string , int string_len)
 {
 const gchar *msg_str;
 gint ett_tree;
@@ -149,8 +151,13 @@ de_sgsap_err_msg(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo _U_, guint3
 }
 if (msg_fcn_p){
- offset++;
- (*msg_fcn_p)(tvb, tree, pinfo, offset, len - offset);
+ volatile guint32 curr_offset = offset + 1;
+ TRY {
+ /*let's try to decode erroneous message and catch exceptions as it could be malformed */
+ (*msg_fcn_p)(tvb, tree, pinfo, curr_offset, len - 1);
+ } CATCH_BOUNDS_ERRORS {
+ show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
+ } ENDTRY
 } |
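Review bot: `len - 1` in the new call wraps to a very large value when the Erroneous message IE has a length of zero, because `len` is an unsigned `guint` and nothing in this hunk checks it first. The nested dissector would then be told its payload extends far beyond the IE, so it may decode bytes belonging to later IEs before any bounds error is raised. The TRY/CATCH_BOUNDS_ERRORS wrapper only stops that once the end of the tvb is reached. I would guard the branch with `if (msg_fcn_p && len > 0) {`, and ideally add an expert item for the empty case. The body of de_sgsap_err_msg starts and ends outside the hunk, so this assumes no earlier length check exists there.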