diff options
author | AndersBroman <anders.broman@ericsson.com> | 2016-08-30 14:55:54 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2016-08-30 19:24:19 +0000 |
commit | 68b73981193851d06d2d66d07394d84b908fec7a (patch) | |
tree | 69968da160c6c87d896181b18439b3f497d92f59 | |
parent | a892c90367a9f1b1d3d962cfe958174b8fefcaee (diff) |
[Diameter] Improve dissection of malformed packets by continnuing
dissection and display the problem more prominetly.
Change-Id: Ia1a32667a18e1e5b60b5c167da9b6dd945ba3dfc
Reviewed-on: https://code.wireshark.org/review/17385
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r-- | epan/dissectors/packet-diameter.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/epan/dissectors/packet-diameter.c b/epan/dissectors/packet-diameter.c index ad021cbe75..ca79ca2346 100644 --- a/epan/dissectors/packet-diameter.c +++ b/epan/dissectors/packet-diameter.c @@ -292,6 +292,7 @@ static expert_field ei_diameter_code = EI_INIT; static expert_field ei_diameter_avp_code = EI_INIT; static expert_field ei_diameter_avp_vendor_id = EI_INIT; static expert_field ei_diameter_invalid_ipv6_prefix_len = EI_INIT; +static expert_field ei_diameter_invalid_avp_len = EI_INIT; /* Tap for Diameter */ static int diameter_tap = -1; @@ -695,6 +696,14 @@ dissect_diameter_avp(diam_ctx_t *c, tvbuff_t *tvb, int offset, diam_sub_dis_t *d } #endif } + /* Check if the length is sane */ + if (len > (guint32)tvb_reported_length_remaining(tvb, offset)) { + proto_tree_add_expert_format(c->tree, c->pinfo, &ei_diameter_invalid_avp_len, tvb, offset + 4, 4, + "Wrong AVP(%u) length %u", + code, + len); + return tvb_reported_length(tvb); + } /* Add root of tree for this AVP */ avp_item = proto_tree_add_item(c->tree, hf_diameter_avp, tvb, offset, len + pad_len, ENC_NA); @@ -2268,7 +2277,8 @@ real_register_diameter_fields(void) { &ei_diameter_application_id, { "diameter.applicationId.unknown", PI_UNDECODED, PI_WARN, "Unknown Application Id, if you know what this is you can add it to dictionary.xml", EXPFILL }}, { &ei_diameter_version, { "diameter.version.unknown", PI_UNDECODED, PI_WARN, "Unknown Diameter Version (decoding as RFC 3588)", EXPFILL }}, { &ei_diameter_code, { "diameter.cmd.code.unknown", PI_UNDECODED, PI_WARN, "Unknown command, if you know what this is you can add it to dictionary.xml", EXPFILL }}, - { &ei_diameter_invalid_ipv6_prefix_len, { "diameter.invalid_ipv6_prefix_len", PI_MALFORMED, PI_ERROR, "Invalid IPv6 Prefix length", EXPFILL }} + { &ei_diameter_invalid_ipv6_prefix_len, { "diameter.invalid_ipv6_prefix_len", PI_MALFORMED, PI_ERROR, "Invalid IPv6 Prefix length", EXPFILL }}, + { &ei_diameter_invalid_avp_len,{ "diameter.invalid_avp_len", PI_MALFORMED, PI_ERROR, "Invalid AVP length", EXPFILL }} }; wmem_array_append(build_dict.hf, hf_base, array_length(hf_base)); |