diff options
| author | Jonas Jonsson <jonas@ludd.ltu.se> | 2019-05-30 21:18:19 +0200 |
|---|---|---|
| committer | Stig Bjørlykke <stig@bjorlykke.org> | 2019-05-30 21:21:19 +0000 |
| commit | 49b6523c6cd4f8c56f428797283e150e63a52aad (patch) | |
| tree | cc53ce485bfd54008abacfa492ef2fc2318d0a07 | |
| parent | 860e73c88fffc65f24e5278e4d4a01332eabf6d5 (diff) | |
btle: Correctly detect l2cap fragment start
The first L2CAP PDU fragment starts with the 4 octet long L2CAP header
consisting of the Length and the CID fields. The Length field doesn't
include the header itself. Thus the Length field in the BLE Data header
will be 4 octets larger than the L2CAP PDU header Length field if the
packet wouldn't be fragmented.
The current implementation doesn't correctly detect the start fragment
causing reassembly to fail as it compares the BLE Data Length with the
L2CAP Length without compensating for the header.
By increasing the L2CAP PDU Length field with the header length the
reassembly works.
Rename the variable to better reflect what length it actually
represents.
Bug: 15807
Change-Id: Idcb6bdccc4daae756a63a9bae0839fe25ae99f23
Reviewed-on: https://code.wireshark.org/review/33428
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
| -rw-r--r-- | epan/dissectors/packet-btle.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/epan/dissectors/packet-btle.c b/epan/dissectors/packet-btle.c index 9fcbdb550c..dda8b63a47 100644 --- a/epan/dissectors/packet-btle.c +++ b/epan/dissectors/packet-btle.c @@ -1084,8 +1084,8 @@ dissect_btle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) break; case 0x02: /* Start of an L2CAP message or a complete L2CAP message with no fragmentation */ if (length > 0) { - guint le_frame_len = tvb_get_letohs(tvb, offset); - if (le_frame_len > length) { + guint l2cap_len = tvb_get_letohs(tvb, offset); + if (l2cap_len + 4 > length) { /* L2CAP PDU Length excludes the 4 octets header */ pinfo->fragmented = TRUE; if (connection_info && !retransmit) { if (!pinfo->fd->visited) { @@ -1093,7 +1093,7 @@ dissect_btle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) /* The first two octets in the L2CAP PDU contain the length of the entire * L2CAP PDU in octets, excluding the Length and CID fields(4 octets). */ - connection_info->direction_info[direction].segment_len_rem = le_frame_len + 4 - length; + connection_info->direction_info[direction].segment_len_rem = l2cap_len + 4 - length; connection_info->direction_info[direction].l2cap_index = l2cap_index; btle_frame_info->more_fragments = 1; btle_frame_info->l2cap_index = l2cap_index; |