GIOP dissector doesn't handle two packets in a row

Make the GIOP TCP-based dissector correctly handle multiple GIOP messages in a TCP segment, and when the second is malformed. Bug: 10760 Change-Id: Ie82a1d72a43218e50c6856028a5ef25ad1f0c340 Reviewed-on: https://code.wireshark.org/review/6025 Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Hadriel Kaplan <hadriel@128technology.com> 2014-12-23 16:34:01 -0500
committer: Anders Broman <a.broman58@gmail.com> 2014-12-24 21:26:55 +0000
commit: 4b6141bf2244b915294f18772c8eb6e06863ff57 (patch)
tree: ebeb39d5b3c614ef93355aa3435c9d7e08f76964 /epan/dissectors/packet-giop.c
parent: e03ffe25833216694a0d1a543f180b2969ef339e (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/epan/dissectors/packet-giop.c b/epan/dissectors/packet-giop.c
index bb3aec38b3..147eac7ddd 100644
--- a/epan/dissectors/packet-giop.c
+++ b/epan/dissectors/packet-giop.c
@@ -4814,23 +4814,26 @@ static int dissect_giop_common (tvbuff_t * tvb, packet_info * pinfo, proto_tree
 }
 
 static guint
-get_giop_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset _U_)
+get_giop_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
 {
 
   MessageHeader header;
   guint message_size;
 
-  if (tvb_get_ntohl(tvb, 0) != GIOP_MAGIC_NUMBER)
+  if (tvb_reported_length_remaining(tvb, offset) < GIOP_HEADER_SIZE)
+    return 0;
+
+  if (tvb_get_ntohl(tvb, 0 + offset) != GIOP_MAGIC_NUMBER)
     return 0;
 
   /* Get minimal header information to determine endianness, size */
-  header.GIOP_version.minor = tvb_get_guint8(tvb, 5);
-  header.flags = tvb_get_guint8(tvb, 6);
+  header.GIOP_version.minor = tvb_get_guint8(tvb, 5 + offset);
+  header.flags = tvb_get_guint8(tvb, 6 + offset);
 
   if (is_big_endian (&header))
-    message_size = tvb_get_ntohl(tvb, 8);
+    message_size = tvb_get_ntohl(tvb, 8 + offset);
   else
-    message_size = tvb_get_letohl(tvb, 8);
+    message_size = tvb_get_letohl(tvb, 8 + offset);
 
   /* Make sure the size is reasonable, otherwise just take the header */
   if (message_size > GIOP_MAX_MESSAGE_SIZE)
author	Hadriel Kaplan <hadriel@128technology.com>	2014-12-23 16:34:01 -0500
committer	Anders Broman <a.broman58@gmail.com>	2014-12-24 21:26:55 +0000
commit	4b6141bf2244b915294f18772c8eb6e06863ff57 (patch)
tree	ebeb39d5b3c614ef93355aa3435c9d7e08f76964 /epan/dissectors/packet-giop.c
parent	e03ffe25833216694a0d1a543f180b2969ef339e (diff)