diff options
author | Pascal Quantin <pascal.quantin@gmail.com> | 2015-10-18 22:44:09 +0200 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2015-10-19 03:03:54 +0000 |
commit | 40caff2d1fb08262c84aaaa8ac584baa8866dd7c (patch) | |
tree | 98bdf980b974ebffaecabe9debd9d9eaac5f0eea /epan/dissectors/packet-alljoyn.c | |
parent | d34267d0503a67235bf259fd2f2f2d2bb8b18cf5 (diff) |
AllJoyn: prevent an infinite loop
Display an expert error when the argument is empty
Bug: 11607
Change-Id: I8682eab8fe1822f784e848220ff90de4eb5e13ff
Reviewed-on: https://code.wireshark.org/review/11132
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-alljoyn.c')
-rw-r--r-- | epan/dissectors/packet-alljoyn.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/epan/dissectors/packet-alljoyn.c b/epan/dissectors/packet-alljoyn.c index 62ae20b5ee..f0079818a5 100644 --- a/epan/dissectors/packet-alljoyn.c +++ b/epan/dissectors/packet-alljoyn.c @@ -23,6 +23,7 @@ #include "config.h" #include <epan/packet.h> +#include <epan/expert.h> void proto_register_AllJoyn(void); void proto_reg_handoff_AllJoyn(void); @@ -236,6 +237,8 @@ static int hf_ardp_segbmax = -1;/* The maximum segment size we are willing to re static int hf_ardp_dackt = -1; /* Receiver's delayed ACK timeout. Used in TTL estimate prior to sending a message. */ static int hf_ardp_options = -1;/* Options for the connection. Always Sequenced Delivery Mode (SDM). */ +static expert_field ei_alljoyn_empty_arg = EI_INIT; + /* These are the ids of the subtrees we will be creating */ static gint ett_alljoyn_ns = -1; /* This is the top NS tree. */ static gint ett_alljoyn_ns_header = -1; @@ -871,6 +874,7 @@ parse_arg(tvbuff_t *tvb, { gint length; gint padding_start; + gint saved_offset = offset; const gchar *header_type_name = NULL; switch(type_id) @@ -1281,6 +1285,11 @@ parse_arg(tvbuff_t *tvb, /* Make sure we never return something longer than the buffer for an offset. */ if(offset > (gint)tvb_reported_length(tvb)) { offset = (gint)tvb_reported_length(tvb); + } else if (offset == saved_offset) { + /* The argument has a null size. Let's report the packet length to avoid an infinite loop. */ + /*expert_add_info(pinfo, header_item, &ei_alljoyn_empty_arg);*/ + proto_tree_add_expert(field_tree, pinfo, &ei_alljoyn_empty_arg, tvb, offset, 0); + offset = (gint)tvb_reported_length(tvb); } return offset; @@ -2424,6 +2433,8 @@ dissect_AllJoyn_ardp(tvbuff_t *tvb, void proto_register_AllJoyn(void) { + expert_module_t* expert_alljoyn; + /* A header field is something you can search/filter on. * * We create a structure to register our fields. It consists of an @@ -2991,6 +3002,12 @@ proto_register_AllJoyn(void) &ett_alljoyn_ardp }; + static ei_register_info ei[] = { + { &ei_alljoyn_empty_arg, + { "alljoyn.empty_arg", PI_MALFORMED, PI_ERROR, + "Argument is empty", EXPFILL }} + }; + /* The following are protocols as opposed to data within a protocol. These appear * in Wireshark a divider/header between different groups of data. */ @@ -3003,6 +3020,8 @@ proto_register_AllJoyn(void) proto_register_field_array(proto_AllJoyn_ns, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); + expert_alljoyn = expert_register_protocol(proto_AllJoyn_mess); + expert_register_field_array(expert_alljoyn, ei, array_length(ei)); /* ARDP */ /* name, short name, abbrev */ proto_AllJoyn_ardp = proto_register_protocol("AllJoyn Reliable Datagram Protocol", "AllJoyn ARDP", "ardp"); |