diff options
author | Dylan Ulis <daulis0@gmail.com> | 2018-02-07 16:34:11 -0500 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2018-02-08 23:41:12 +0000 |
commit | e4c5efafb7da2d25b7d47fe2dac3b1556c0b67b0 (patch) | |
tree | 8e2b577782a9e11f0c459ab5ca04e00dad8acd35 /epan/dissectors/packet-cip.c | |
parent | 60c5ec67f81393d979534c47a069c154277e477b (diff) |
CIP: Highlight correct bytes in Req/Rsp processing
Previously, dissect_cip_generic_service_req and dissect_cip_generic_service_rsp
set lengths at different levels of the packet. In some cases, this would
cause a malformed packet when the data length was zero. This fixes the
malformed error by explicitly setting the length, instead of using -1.
The length of the service data set is not the data paylod for both
cases. Previously, for requests, it attempted to highlight the whole CIP
layer, but this was already covered by the full CIP protocol layer
length.
Change-Id: I4b4a99d30b9e04872fcf7ffb127c496e6062856c
Reviewed-on: https://code.wireshark.org/review/25672
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-cip.c')
-rw-r--r-- | epan/dissectors/packet-cip.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/epan/dissectors/packet-cip.c b/epan/dissectors/packet-cip.c index 80da76233d..a6744c5043 100644 --- a/epan/dissectors/packet-cip.c +++ b/epan/dissectors/packet-cip.c @@ -5541,14 +5541,14 @@ dissect_cip_generic_service_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t add_cip_service_to_info_column(pinfo, service, cip_sc_vals); + req_path_size = tvb_get_guint8(tvb, offset + 1); + offset += ((req_path_size * 2) + 2); + /* Create service tree */ - cmd_data_tree = proto_tree_add_subtree(tree, tvb, 0, -1, ett_cmd_data, &cmd_data_item, + cmd_data_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_cmd_data, &cmd_data_item, val_to_str(service, cip_sc_vals , "Unknown Service (0x%02x)")); proto_item_append_text(cmd_data_item, " (Request)"); - req_path_size = tvb_get_guint8( tvb, offset+1); - offset += ((req_path_size*2)+2); - int parsed_len = 0; switch(service) @@ -5589,6 +5589,8 @@ dissect_cip_generic_service_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t proto_tree_add_item(cmd_data_tree, hf_cip_data, tvb, offset + parsed_len, remain_len, ENC_NA); } + proto_item_set_len(cmd_data_item, parsed_len + remain_len); + return tvb_reported_length(tvb); } @@ -5931,7 +5933,7 @@ dissect_cip_generic_service_rsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t add_cip_service_to_info_column(pinfo, service, cip_sc_vals); - cmd_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1, + cmd_data_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_cmd_data, &cmd_data_item, val_to_str(service, cip_sc_vals, "Unknown Service (0x%02x)")); proto_item_append_text(cmd_data_item, " (Response)"); @@ -5984,6 +5986,8 @@ dissect_cip_generic_service_rsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t proto_tree_add_item(cmd_data_tree, hf_cip_data, tvb, offset + parsed_len, remain_len, ENC_NA); } + proto_item_set_len(cmd_data_item, parsed_len + remain_len); + return tvb_reported_length(tvb); } |