author | Pascal Quantin <pascal.quantin@gmail.com> | 2017-09-10 19:20:30 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2017-09-11 05:12:36 +0000 |
commit | 3689dc1db36037436b1616715f9a3f888fc9a0f6 (patch) | |
tree | 56778eab52b2d8c22f884f67d556d1cfdccb0f43 /epan/dissectors/packet-btatt.c | |
parent | 1d3ca5ad41fc3a725442439464f9ead944b21779 (diff) |
BTATT: add curr_layer_num to key tracking request / response
Otherwise, when a frame contains multiple BTATT packets at
different levels of encapsulation, we can retrieve the wrong structure
and start using the union with the wrong opcode-based type.
Bug: 14049
Change-Id: Ica5d8af8e84161d6f9daebbb90334f20082c5fa4
Reviewed-on: https://code.wireshark.org/review/23470
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-btatt.c')
-rw-r--r-- | epan/dissectors/packet-btatt.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/epan/dissectors/packet-btatt.c b/epan/dissectors/packet-btatt.c index 7d5d1b41a5..b48884b95e 100644 --- a/epan/dissectors/packet-btatt.c +++ b/epan/dissectors/packet-btatt.c @@ -3635,14 +3635,18 @@ get_request(tvbuff_t *tvb, gint offset, packet_info *pinfo, guint8 opcode, request_data_t *request_data; wmem_tree_key_t key[4]; wmem_tree_t *sub_wmemtree; - gint frame_number; + guint32 frame_number, curr_layer_num; + + curr_layer_num = pinfo->curr_layer_num; key[0].length = 1; key[0].key = &bluetooth_data->interface_id; key[1].length = 1; key[1].key = &bluetooth_data->adapter_id; - key[2].length = 0; - key[2].key = NULL; + key[2].length = 1; + key[2].key = &curr_layer_num; + key[3].length = 0; + key[3].key = NULL; frame_number = pinfo->num; @@ -3741,20 +3745,23 @@ static void save_request(packet_info *pinfo, guint8 opcode, union request_parameters_union parameters, bluetooth_data_t *bluetooth_data) { - wmem_tree_key_t key[4]; - guint32 frame_number; + wmem_tree_key_t key[5]; + guint32 frame_number, curr_layer_num; request_data_t *request_data; frame_number = pinfo->num; + curr_layer_num = pinfo->curr_layer_num; key[0].length = 1; key[0].key = &bluetooth_data->interface_id; key[1].length = 1; key[1].key = &bluetooth_data->adapter_id; key[2].length = 1; - key[2].key = &frame_number; - key[3].length = 0; - key[3].key = NULL; + key[2].key = &curr_layer_num; + key[3].length = 1; + key[3].key = &frame_number; + key[4].length = 0; + key[4].key = NULL; request_data = wmem_new(wmem_file_scope(), request_data_t); request_data->opcode = opcode; |
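Review bot: The key prefix built here in get_request (interface id, adapter id, layer number) is an unwritten contract with save_request, which repeats the same three words by hand and appends the frame number; nothing in either function says the two must stay in step. Since `key[4]` is unchanged here while save_request grew to `key[5]`, a reader can take that for an oversight, so I would add above `key[0].length = 1;` a comment such as `/* Prefix key: interface, adapter, layer. Must match save_request(), which adds the frame number as a fourth word. */`. A second short comment on `curr_layer_num = pinfo->curr_layer_num;` saying that the value is copied into a guint32 local because wmem key words are guint32 would explain why the field is not referenced directly. Judging by `sub_wmemtree`, the frame number is presumably resolved in a sub-tree further down; get_request's body continues outside the hunk.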
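Review bot: After this change the tree key is still the only thing that stops a response from reading `parameters` under the wrong union member; the record stores `request_data->opcode = opcode;` at the end of this hunk, but nothing visible here uses it as a check. Because the frames come from untrusted captures, I would have the code that consumes the record compare the stored opcode with the request opcode the response implies before touching the union, e.g. `if (request_data->opcode != expected_opcode) return NULL;` where `expected_opcode` is a placeholder name. Whether get_request or its callers already do this cannot be seen from the hunk, and save_request's body continues past its last line.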