author | Gerald Combs <gerald@wireshark.org> | 2004-12-09 19:06:59 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2004-12-09 19:06:59 +0000 |
commit | eae0fb9b981e534c655aa6da40c83bc16aace4d5 (patch) | |
tree | b216286c17a124c478f3d4686116a798f6a5b0cb | |
parent | d888d28671ab5c8dbb280c95fa0761fe1f3e968a (diff) |
Improve the byte length check from the last commit, and check for the same
problem in other parts of the code.
svn path=/trunk/; revision=12699
-rw-r--r-- | epan/dissectors/packet-x25.c | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/epan/dissectors/packet-x25.c b/epan/dissectors/packet-x25.c
index 666a7138be..b7f2d4d69f 100644
--- a/epan/dissectors/packet-x25.c
+++ b/epan/dissectors/packet-x25.c
@@ -976,8 +976,14 @@ dump_facilities(proto_tree *tree, int *offset, tvbuff_t *tvb)
 "(Call redirection or deflection notification)", fac);
 fac_subtree = proto_item_add_subtree(ti, ett_x25_fac_call_transfer);
 byte1 = tvb_get_guint8(tvb, *offset+1);
- proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
- "Length : %u", byte1);
+ if (byte1 < 2) {
+ proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
+ "Bogus length : %d", byte1);
+ return;
+ } else {
+ proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
+ "Length : %u", byte1);
+ }
 byte2 = tvb_get_guint8(tvb, *offset+2);
 if ((byte2 & 0xC0) == 0xC0) {
 proto_tree_add_text(fac_subtree, tvb, *offset+2, 1,
@@ -1026,14 +1032,8 @@ dump_facilities(proto_tree *tree, int *offset, tvbuff_t *tvb)
 }
 }
 tmpbuf[i] = 0;
- if (byte1 < 2) {
- proto_tree_add_text(fac_subtree, tvb, 0, 0,
- "Bogus byte length : %d", byte1);
- return;
- } else {
- proto_tree_add_text(fac_subtree, tvb, *offset+4, byte1 - 2,
- "DTE address : %s", tmpbuf);
- }
+ proto_tree_add_text(fac_subtree, tvb, *offset+4, byte1 - 2,
+ "DTE address : %s", tmpbuf);
 }
 break;
 case X25_FAC_CALLING_ADDR_EXT:
@@ -1046,8 +1046,14 @@ dump_facilities(proto_tree *tree, int *offset, tvbuff_t *tvb)
 fac_subtree = proto_item_add_subtree(ti, ett_x25_fac_calling_addr_ext);
 byte1 = tvb_get_guint8(tvb, *offset+1);
- proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
- "Length : %u", byte1);
+ if (byte1 < 1) {
+ proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
+ "Bogus length : %d", byte1);
+ return;
+ } else {
+ proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
+ "Length : %u", byte1);
+ }
 byte2 = tvb_get_guint8(tvb, *offset+2) & 0x3F;
 proto_tree_add_text(fac_subtree, tvb, *offset+2, 1, "Number of semi-octets in DTE address : %u", byte2);
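Review bot: The new `byte1 < 2` branch returns from dump_facilities without touching `*offset`, so one malformed call-transfer facility ends dissection of every facility after it and leaves the caller's offset where it was. The same early `return;` appears in the checks added at -1046, -1079 and -1124. Whether the caller copes with an unadvanced offset cannot be seen here, because the function starts and ends outside the hunk. If stopping is the intent, say so above the `return;` with a comment such as `/* length cannot hold the fixed fields; stop dissecting facilities */`.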
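Review bot: `byte1 - 2` is now passed as a length with no guard in sight, because the check moved roughly fifty lines up to where byte1 is read. Add a comment on this call, for example `/* byte1 >= 2 was checked when the length was read above */`, so a later edit that reorders or removes the early check does not silently bring back a negative length. The loop that fills tmpbuf lies outside the hunk, so the bound on `i` before `tmpbuf[i] = 0;` could not be reviewed.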
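Review bot: Only the lower bound of the length is checked here: `byte2`, the semi-octet count, is masked to 0x3F and displayed, but nothing in the visible lines compares it with `byte1`. If the code after this hunk uses byte2 to decide how many address octets to decode, a count larger than the facility can hold would be decoded from bytes that belong to whatever follows it. A guard along the lines of `if (byte2 > (byte1 - 1) * 2)` that reports a bogus count would close that, assuming one of the byte1 octets is the count field itself. The called-address hunk at -1079 has the same shape, and the rest of both case bodies is outside the hunks.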
@@ -1079,8 +1085,14 @@ dump_facilities(proto_tree *tree, int *offset, tvbuff_t *tvb)
 fac_subtree = proto_item_add_subtree(ti, ett_x25_fac_called_addr_ext);
 byte1 = tvb_get_guint8(tvb, *offset+1);
- proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
- "Length : %u", byte1);
+ if (byte1 < 1) {
+ proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
+ "Bogus length : %d", byte1);
+ return;
+ } else {
+ proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
+ "Length : %u", byte1);
+ }
 byte2 = tvb_get_guint8(tvb, *offset+2) & 0x3F;
 proto_tree_add_text(fac_subtree, tvb, *offset+2, 1, "Number of semi-octets in DTE address : %u", byte2);
@@ -1124,8 +1136,14 @@ dump_facilities(proto_tree *tree, int *offset, tvbuff_t *tvb)
 fac_subtree = proto_item_add_subtree(ti, ett_x25_fac_call_deflect);
 byte1 = tvb_get_guint8(tvb, *offset+1);
- proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
- "Length : %u", byte1);
+ if (byte1 < 2) {
+ proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
+ "Bogus length : %d", byte1);
+ return;
+ } else {
+ proto_tree_add_text(fac_subtree, tvb, *offset+1, 1,
+ "Length : %u", byte1);
+ }
 byte2 = tvb_get_guint8(tvb, *offset+2);
 if ((byte2 & 0xC0) == 0xC0)
 proto_tree_add_text(fac_subtree, tvb, *offset+2, 1, |
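Review bot: The bogus-length message prints `byte1` with `%d` while the normal path a few lines later prints the same variable with `%u`; use `"Bogus length : %u", byte1);` so the two agree. The `else` after `return;` is also unnecessary, and dropping it would let the normal `proto_tree_add_text` call keep its original indentation and shrink the change. Both points apply to all four checks this commit adds (-976, -1046, -1079, -1124), which differ only in the minimum length they test.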