diff options
author | John Thacker <johnthacker@gmail.com> | 2022-02-01 19:32:09 -0500 |
---|---|---|
committer | A Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2022-02-02 01:05:16 +0000 |
commit | 09ecc11be550f7af4f2c953beb8a0eb7188fc063 (patch) | |
tree | 1e8bdcd7335cd7a40555f349a55d3626667c4fe5 | |
parent | 8ef0114995fa64b29b521924fdc654c48ccf5ca4 (diff) |
ipsec: Don't use NULL heuristic if padding length is impossible
If the ESP NULL heuristic is on, but interpreting the padding length
byte as unencrypted would leave fewer than zero bytes remaining for
the payload tvb, just consider the heuristic failed instead of trying
to create the next_tvb subset and thus throwing an error.
-rw-r--r-- | epan/dissectors/packet-ipsec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c index f229f8b1c3..4d18fd5db0 100644 --- a/epan/dissectors/packet-ipsec.c +++ b/epan/dissectors/packet-ipsec.c @@ -2196,7 +2196,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) esp_pad_len = tvb_get_guint8(tvb, esp_packet_len - 14); encapsulated_protocol = tvb_get_guint8(tvb, esp_packet_len - 13); dissector_handle = dissector_get_uint_handle(ip_dissector_table, encapsulated_protocol); - if (dissector_handle) { + if (dissector_handle && (ESP_HEADER_LEN + 14 + esp_pad_len) <= esp_packet_len) { saved_match_uint = pinfo->match_uint; pinfo->match_uint = encapsulated_protocol; next_tvb = tvb_new_subset_length(tvb, ESP_HEADER_LEN, esp_packet_len - ESP_HEADER_LEN - 14 - esp_pad_len); |