SOCKS: fix desegmentation over multiple TCP segments

The SOCKS dissector temporarily changes the pinfo values for destport
or srcport, so it should get the tcp_conversation_data after doing so
before recursively calling the TCP dissector again. Otherwise the TCP
dissector will be confused about whether a TCP multisegment PDU is in
progress or not, causing failure to lookup and store fragments correctly,
including both failed desegmentation and failed asserts (when it expects
an entry in the table which isn't there, as it was stored under a different
port number.) Fixes #16646.

1 files changed, 7 insertions, 6 deletions

diff --git a/epan/dissectors/packet-socks.c b/epan/dissectors/packet-socks.c
index c23d6ccb55..c8f6753844 100644
--- a/epan/dissectors/packet-socks.c
+++ b/epan/dissectors/packet-socks.c
@@ -970,7 +970,6 @@ static void call_next_dissector(tvbuff_t *tvb, int offset, packet_info *pinfo,
     guint16 save_can_desegment;
     struct tcp_analysis *tcpd=NULL;
 
-    tcpd=get_tcp_conversation_data(NULL,pinfo);
 
     if (( hash_info->command  == PING_COMMAND) ||
         ( hash_info->command  == TRACERT_COMMAND))
@@ -981,13 +980,15 @@ static void call_next_dissector(tvbuff_t *tvb, int offset, packet_info *pinfo,
 
 /*XXX may want to load dest address here */
 
-        if ( pinfo->destport  == TCP_PORT_SOCKS)
-                ptr = &pinfo->destport;
-        else
-                ptr = &pinfo->srcport;
+        if (pinfo->destport == TCP_PORT_SOCKS) {
+            ptr = &pinfo->destport;
+        } else {
+            ptr = &pinfo->srcport;
+        }
 
-            *ptr = hash_info->port;
+        *ptr = hash_info->port;
 
+        tcpd = get_tcp_conversation_data(NULL, pinfo);
 /* 2003-09-18 JCFoster Fixed problem with socks tunnel in socks tunnel */
 
         state_info->in_socks_dissector_flag = 1; /* avoid recursive overflow */