diff options
author | Gerald Combs <gerald@wireshark.org> | 2005-10-17 16:12:24 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2005-10-17 16:12:24 +0000 |
commit | 5cadbb4de46ba08c2871fbdb881f12d949109ea5 (patch) | |
tree | a838583c9e0b7153f22387a44331214c048fc759 | |
parent | e3285cbcaeb9a72ac331b507cc0ed2c8a5a83fa3 (diff) |
When dissecting an ACSE APDU make sure our OID isn't for an ACSE APDU
(which would make us recurse until we crashed).
svn path=/trunk/; revision=16252
-rw-r--r-- | asn1/acse/packet-acse-template.c | 18 | ||||
-rw-r--r-- | epan/dissectors/packet-acse.c | 20 |
2 files changed, 25 insertions, 13 deletions
diff --git a/asn1/acse/packet-acse-template.c b/asn1/acse/packet-acse-template.c index 14ba0cd428..7fa57124cf 100644 --- a/asn1/acse/packet-acse-template.c +++ b/asn1/acse/packet-acse-template.c @@ -2,7 +2,7 @@ There is a bug in asn2eth that it can not yet handle tagged assignments such as EXTERNAL ::= [UNIVERSAL 8] IMPLICIT SEQUENCE { - This bug is workedaround by some .cnf magic but this should be cleaned up + This bug is workedaround by some .cnf magic but this should be cleaned up once asn2eth learns how to deal with tagged assignments */ @@ -11,7 +11,7 @@ * Ronnie Sahlberg 2005 * dissect_acse() based original handwritten dissector by Sid * Yuriy Sidelnikov <YSidelnikov@hotmail.com> - * + * * * $Id$ * @@ -56,6 +56,8 @@ #define PSNAME "ACSE" #define PFNAME "acse" +#define ACSE_APDU_OID "2.2.1.0.1" + /* Initialize the protocol and registered fields */ int proto_acse = -1; #include "packet-acse-hf.c" @@ -158,7 +160,7 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) /* first, try to check length */ /* do we have at least 2 bytes */ if (!tvb_bytes_exist(tvb, 0, 2)){ - proto_tree_add_text(parent_tree, tvb, offset, + proto_tree_add_text(parent_tree, tvb, offset, tvb_reported_length_remaining(tvb,offset), "User data"); return; /* no, it isn't a ACSE PDU */ @@ -167,7 +169,7 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) if( !pinfo->private_data ){ if(parent_tree){ REPORT_DISSECTOR_BUG("Can't get SPDU type from session dissector."); - } + } return ; } else { session = ( (struct SESSION_DATA_STRUCTURE*)(pinfo->private_data) ); @@ -192,7 +194,11 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) break; case SES_DATA_TRANSFER: oid=find_oid_by_pres_ctx_id(pinfo, indir_ref); - if(oid){ + if(strcmp(oid, ACSE_APDU_OID) == 0){ + proto_tree_add_text(parent_tree, tvb, offset, -1, + "Invalid OID: %s", ACSE_APDU_OID); + THROW(ReportedBoundsError); + } else if(oid){ call_ber_oid_callback(oid, tvb, offset, pinfo, parent_tree); } else { proto_tree_add_text(parent_tree, tvb, offset, -1, @@ -258,7 +264,7 @@ void proto_reg_handoff_acse(void) { /*#include "packet-acse-dis-tab.c"*/ register_ber_oid_name("2.2.3.1.1","aCSE-id"); - register_ber_oid_dissector("2.2.1.0.1", dissect_acse, proto_acse, "acse-as-id"); + register_ber_oid_dissector(ACSE_APDU_OID, dissect_acse, proto_acse, "acse-as-id"); } diff --git a/epan/dissectors/packet-acse.c b/epan/dissectors/packet-acse.c index 6b486abe7d..57b04dd0e0 100644 --- a/epan/dissectors/packet-acse.c +++ b/epan/dissectors/packet-acse.c @@ -9,7 +9,7 @@ There is a bug in asn2eth that it can not yet handle tagged assignments such as EXTERNAL ::= [UNIVERSAL 8] IMPLICIT SEQUENCE { - This bug is workedaround by some .cnf magic but this should be cleaned up + This bug is workedaround by some .cnf magic but this should be cleaned up once asn2eth learns how to deal with tagged assignments */ @@ -18,7 +18,7 @@ * Ronnie Sahlberg 2005 * dissect_acse() based original handwritten dissector by Sid * Yuriy Sidelnikov <YSidelnikov@hotmail.com> - * + * * * $Id$ * @@ -63,6 +63,8 @@ #define PSNAME "ACSE" #define PFNAME "acse" +#define ACSE_APDU_OID "2.2.1.0.1" + /* Initialize the protocol and registered fields */ int proto_acse = -1; @@ -328,7 +330,7 @@ dissect_acse_T_indirect_reference(gboolean implicit_tag _U_, tvbuff_t *tvb, int /* look up the indirect reference */ if((oid = find_oid_by_pres_ctx_id(pinfo, indir_ref)) != NULL) { - g_snprintf(object_identifier_id, MAX_OID_STR_LEN, "{'FN_VARIANT': '', 'VAL_PTR': 'NULL', 'TREE': 'tree', 'DEFAULT_BODY': ' offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,\n NULL);\n', 'HF_INDEX': 'hf_index', 'PINFO': 'pinfo', 'CREATED_ITEM_PTR': 'NULL', 'OFFSET': 'offset', 'TNAME': 'T_indirect_reference', 'TVB': 'tvb', 'IMPLICIT_TAG': 'implicit_tag', 'ER': 'ber'}", oid); + g_snprintf(object_identifier_id, MAX_OID_STR_LEN, "{'DEFAULT_BODY': ' offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,\n NULL);\n', 'VAL_PTR': 'NULL', 'TREE': 'tree', 'FN_VARIANT': '', 'HF_INDEX': 'hf_index', 'PINFO': 'pinfo', 'CREATED_ITEM_PTR': 'NULL', 'OFFSET': 'offset', 'TNAME': 'T_indirect_reference', 'ER': 'ber', 'IMPLICIT_TAG': 'implicit_tag', 'TVB': 'tvb'}", oid); } if(session) @@ -1857,7 +1859,7 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) /* first, try to check length */ /* do we have at least 2 bytes */ if (!tvb_bytes_exist(tvb, 0, 2)){ - proto_tree_add_text(parent_tree, tvb, offset, + proto_tree_add_text(parent_tree, tvb, offset, tvb_reported_length_remaining(tvb,offset), "User data"); return; /* no, it isn't a ACSE PDU */ @@ -1866,7 +1868,7 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) if( !pinfo->private_data ){ if(parent_tree){ REPORT_DISSECTOR_BUG("Can't get SPDU type from session dissector."); - } + } return ; } else { session = ( (struct SESSION_DATA_STRUCTURE*)(pinfo->private_data) ); @@ -1891,7 +1893,11 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) break; case SES_DATA_TRANSFER: oid=find_oid_by_pres_ctx_id(pinfo, indir_ref); - if(oid){ + if(strcmp(oid, ACSE_APDU_OID) == 0){ + proto_tree_add_text(parent_tree, tvb, offset, -1, + "Invalid OID: %s", ACSE_APDU_OID); + THROW(ReportedBoundsError); + } else if(oid){ call_ber_oid_callback(oid, tvb, offset, pinfo, parent_tree); } else { proto_tree_add_text(parent_tree, tvb, offset, -1, @@ -2422,7 +2428,7 @@ void proto_reg_handoff_acse(void) { /*#include "packet-acse-dis-tab.c"*/ register_ber_oid_name("2.2.3.1.1","aCSE-id"); - register_ber_oid_dissector("2.2.1.0.1", dissect_acse, proto_acse, "acse-as-id"); + register_ber_oid_dissector(ACSE_APDU_OID, dissect_acse, proto_acse, "acse-as-id"); } |