author | Gerald Combs <gerald@wireshark.org> | 2020-11-08 13:55:24 -0800 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2020-11-08 14:03:31 -0800 |
commit | c394a7a87ba4fb8a838d2b39fb942acc47a112fb (patch) | |
tree | 2251d2bdb31f3096fe9a99250e20e39f5b9e8497 /epan/dissectors/packet-kafka.c | |
parent | 913001b8177556a4fc3bd12dedda73ed14f69ba7 (diff) |
Kafka: Fixup returned offsets and initialize variables.
Many of the Kafka dissector's type dissection routines either returned
an offset or -1 in the event of an error. We don't appear to check for
errors anywhere, so ensure that those routines always return a valid
offset.
Make those routines always initialize their type offset and length
variables. Fixes #16985.
Diffstat (limited to 'epan/dissectors/packet-kafka.c')
-rw-r--r-- | epan/dissectors/packet-kafka.c | 67 |
1 files changed, 48 insertions, 19 deletions
diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c index 1d9275d35c..d94735379d 100644 --- a/epan/dissectors/packet-kafka.c +++ b/epan/dissectors/packet-kafka.c @@ -959,7 +959,7 @@ dissect_kafka_regular_array(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, if (count < -1) { // -1 means null array expert_add_info(pinfo, proto_tree_get_parent(tree), &ei_kafka_bad_array_length); - return -1; + return offset; } offset = dissect_kafka_array_elements(tree, tvb, pinfo, offset, api_version, func, count); @@ -986,7 +986,7 @@ dissect_kafka_compact_array(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, len = tvb_get_varint(tvb, offset, FT_VARINT_MAX_LEN, &count, ENC_VARINT_PROTOBUF); if (len == 0 || count > 0x7ffffffL) { expert_add_info(pinfo, proto_tree_get_parent(tree), &ei_kafka_bad_array_length); - return -1; + return offset; } offset += len; @@ -1035,7 +1035,7 @@ dissect_kafka_varint(proto_tree *tree, int hf_item, tvbuff_t *tvb, packet_info * if (len == 0) { expert_add_info(pinfo, pi, &ei_kafka_bad_varint); - return -1; + return offset; } if (p_value != NULL) *p_value = value; @@ -1056,7 +1056,7 @@ dissect_kafka_varuint(proto_tree *tree, int hf_item, tvbuff_t *tvb, packet_info if (len == 0) { expert_add_info(pinfo, pi, &ei_kafka_bad_varint); - return -1; + return offset; } if (p_value != NULL) *p_value = value; @@ -1094,7 +1094,13 @@ dissect_kafka_regular_string(proto_tree *tree, int hf_item, tvbuff_t *tvb, packe if (length < -1) { pi = proto_tree_add_item(tree, hf_item, tvb, offset, 0, ENC_NA); expert_add_info(pinfo, pi, &ei_kafka_bad_string_length); - return -1; + if (p_offset) { + *p_offset = 2; + } + if (p_length) { + *p_length = 0; + } + return offset + 2; } if (length == -1) { 
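Review bot: In dissect_kafka_compact_array the `len == 0` branch now returns `offset` with nothing consumed, and the same no-progress return is added in dissect_kafka_varint, dissect_kafka_varuint, dissect_kafka_compact_string, dissect_kafka_compact_bytes, dissect_kafka_offset_delta, dissect_kafka_record, dissect_kafka_tagged_field_data and dissect_kafka_tagged_fields. The array helpers hand an element callback and a `count` to dissect_kafka_array_elements, and this hunk only caps `count` at 0x7ffffff. If that element loop (outside these hunks) keeps calling a callback that returns the same offset, one malformed varint in an untrusted capture could be re-dissected and re-flagged up to `count` times. The loop should be checked to confirm it stops when an element does not advance. The contract is also worth stating at each of these returns, for example `/* Bad varint: nothing consumed; looping callers must stop when the offset does not advance. */`.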
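Review bot: In the `length < -1` branch of dissect_kafka_regular_string, `*p_offset = 2` stores a constant while the function returns `offset + 2`. The success path of dissect_kafka_compact_string, visible in a later hunk, stores an absolute position (`*p_offset = offset + len`), so this error path probably wants `*p_offset = offset + 2;`, here and in dissect_kafka_regular_bytes. The same applies to `*p_offset = 0` in dissect_kafka_compact_string, dissect_kafka_compact_bytes and dissect_kafka_tagged_field_data, where `*p_offset = offset;` would match. With `*p_length` set to 0, a caller should read no data, but it would still be pointed at the wrong place in the buffer. The success path of this function is outside the hunk, so the convention should be confirmed there.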
@@ -1129,7 +1135,13 @@ dissect_kafka_compact_string(proto_tree *tree, int hf_item, tvbuff_t *tvb, packe if (len == 0) { pi = proto_tree_add_item(tree, hf_item, tvb, offset, 0, ENC_NA); expert_add_info(pinfo, pi, &ei_kafka_bad_varint); - return -1; + if (p_offset) { + *p_offset = 0; + } + if (p_length) { + *p_length = 0; + } + return offset; } if (length == 0) { @@ -1142,10 +1154,9 @@ dissect_kafka_compact_string(proto_tree *tree, int hf_item, tvbuff_t *tvb, packe if (p_offset != NULL) *p_offset = offset + len; if (p_length != NULL) *p_length = (gint)length - 1; - if (length == 0) { - offset += len; - } else { - offset += len + (gint)length - 1; + offset += len; + if (length > 0) { + offset += (gint)length - 1; } return offset; @@ -1179,7 +1190,13 @@ dissect_kafka_regular_bytes(proto_tree *tree, int hf_item, tvbuff_t *tvb, packet if (length < -1) { pi = proto_tree_add_item(tree, hf_item, tvb, offset, 0, ENC_NA); expert_add_info(pinfo, pi, &ei_kafka_bad_string_length); - return -1; + if (p_offset) { + *p_offset = 2; + } + if (p_length) { + *p_length = 0; + } + return offset + 2; } if (length == -1) { @@ -1215,7 +1232,13 @@ dissect_kafka_compact_bytes(proto_tree *tree, int hf_item, tvbuff_t *tvb, packet if (len == 0) { pi = proto_tree_add_item(tree, hf_item, tvb, offset, 0, ENC_NA); expert_add_info(pinfo, pi, &ei_kafka_bad_varint); - return -1; + if (p_offset) { + *p_offset = 0; + } + if (p_length) { + *p_length = 0; + } + return offset; } if (length == 0) { @@ -1289,7 +1312,7 @@ dissect_kafka_offset_delta(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tr pi = proto_tree_add_int64(tree, hf_item, tvb, offset, len, base_offset+val); if (len == 0) { expert_add_info(pinfo, pi, &ei_kafka_bad_varint); - return -1; + return offset; } return offset+len; 
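Review bot: The rewritten advance in dissect_kafka_compact_string, `offset += (gint)length - 1;`, narrows a varint-decoded `length` to `gint` with no upper bound visible in this hunk, unlike dissect_kafka_compact_array, which rejects `count > 0x7ffffffL`. If `length` is a 64-bit value, as the cast suggests, a crafted length could wrap to a negative or small number and move `offset` backwards or short of the real field end; the same cast feeds `*p_length`. Extending the `len == 0` check from the previous hunk would close that, e.g. `if (len == 0 || length > G_MAXINT) {`. The same narrowing is visible in dissect_kafka_tagged_field_data (`offset = offset + len + (gint)length;`) and dissect_kafka_record (`end_offset = offset + len + (gint)size;`). The declaration of `length` and any earlier range check are outside the hunk, so this may already be covered.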
@@ -1536,10 +1559,10 @@ dissect_kafka_record(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, in len = tvb_get_varint(tvb, offset, 5, &size, ENC_VARINT_ZIGZAG); if (len == 0) { expert_add_info(pinfo, record_ti, &ei_kafka_bad_varint); - return -1; + return offset; } else if (size < 6) { expert_add_info(pinfo, record_ti, &ei_kafka_bad_record_length); - return -1; + return offset + len; } end_offset = offset + len + (gint)size; @@ -1919,7 +1942,7 @@ dissect_kafka_message_old(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i offset = bytes_offset; } else { expert_add_info(pinfo, message_ti, &ei_kafka_bad_bytes_length); - return -1; + return offset; } /* @@ -1933,7 +1956,7 @@ dissect_kafka_message_old(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i offset = bytes_offset; } else { expert_add_info(pinfo, message_ti, &ei_kafka_bad_bytes_length); - return -1; + return offset; } } else { length = tvb_get_ntohl(tvb, offset); @@ -2120,7 +2143,13 @@ dissect_kafka_tagged_field_data(proto_tree *tree, int hf_item, tvbuff_t *tvb, pa pi = proto_tree_add_item(tree, hf_item, tvb, offset+len, (gint)length, ENC_NA); if (len == 0) { expert_add_info(pinfo, pi, &ei_kafka_bad_varint); - return -1; + if (p_offset) { + *p_offset = 0; + } + if (p_len) { + *p_len = 0; + } + return offset; } offset = offset + len + (gint)length; @@ -2167,7 +2196,7 @@ dissect_kafka_tagged_fields(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, len = tvb_get_varint(tvb, offset, FT_VARINT_MAX_LEN, &count, ENC_VARINT_PROTOBUF); if (len == 0) { expert_add_info(pinfo, subtree, &ei_kafka_bad_varint); - return -1; + return offset; } offset += len; |