diff options
author | Anders Broman <anders.broman@ericsson.com> | 2009-04-16 19:02:52 +0000 |
---|---|---|
committer | Anders Broman <anders.broman@ericsson.com> | 2009-04-16 19:02:52 +0000 |
commit | c08d3013deecee62055dae9598263ec543deece5 (patch) | |
tree | feafbc4d2715d060b6bd91f75c6e0c3c43d34a5f /epan/dissectors/packet-nas_eps.c | |
parent | 6f74922803083d933eba4a846b38f8ad9447ad2e (diff) |
Fix bugs found with the aid of Gianluca Verin.
svn path=/trunk/; revision=28069
Diffstat (limited to 'epan/dissectors/packet-nas_eps.c')
-rw-r--r-- | epan/dissectors/packet-nas_eps.c | 67 |
1 files changed, 63 insertions, 4 deletions
diff --git a/epan/dissectors/packet-nas_eps.c b/epan/dissectors/packet-nas_eps.c index 244b3cc6dc..4039bc5c65 100644 --- a/epan/dissectors/packet-nas_eps.c +++ b/epan/dissectors/packet-nas_eps.c @@ -2631,6 +2631,9 @@ nas_esm_act_def_eps_bearer_ctx_acc(tvbuff_t *tvb, proto_tree *tree, guint32 offs curr_offset = offset; curr_len = len; + if(len==0) + return; + /* 27 Protocol configuration options Protocol configuration options 9.9.4.11 O TLV 3-253 */ ELEM_OPT_TLV( 0x27 , GSM_A_PDU_TYPE_GM, DE_PRO_CONF_OPT , "" ); @@ -2818,6 +2821,9 @@ nas_esm_deact_eps_bearer_ctx_acc(tvbuff_t *tvb, proto_tree *tree, guint32 offset curr_offset = offset; curr_len = len; + if(len==0) + return; + /* 27 Protocol configuration options Protocol configuration options 9.9.4.11 O TLV */ ELEM_OPT_TLV( 0x27 , GSM_A_PDU_TYPE_GM, DE_PRO_CONF_OPT , "" ); @@ -2848,6 +2854,17 @@ nas_esm_deact_eps_bearer_ctx_req(tvbuff_t *tvb, proto_tree *tree, guint32 offset * 8.3.13 ESM information request * No IE:s */ +static void +nas_esm_inf_req(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len) +{ + guint32 curr_offset; + guint curr_len; + + curr_offset = offset; + curr_len = len; + + EXTRANEOUS_DATA_CHECK(curr_len, 0); +} /* * 8.3.14 ESM information response */ @@ -2861,8 +2878,11 @@ nas_esm_inf_resp(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len) curr_offset = offset; curr_len = len; + if(len==0) + return; + /* 28 Access point name Access point name 9.9.4.1 O TLV 3-102 */ - ELEM_OPT_TLV( 0x27 , GSM_A_PDU_TYPE_GM, DE_ACC_POINT_NAME , "" ); + ELEM_OPT_TLV( 0x28 , GSM_A_PDU_TYPE_GM, DE_ACC_POINT_NAME , "" ); /* 27 Protocol configuration options Protocol configuration options 9.9.4.11 O TLV 3-253 */ ELEM_OPT_TLV( 0x27 , GSM_A_PDU_TYPE_GM, DE_PRO_CONF_OPT , "" ); @@ -2899,6 +2919,9 @@ nas_esm_mod_eps_bearer_ctx_acc(tvbuff_t *tvb, proto_tree *tree, guint32 offset, curr_offset = offset; curr_len = len; + if(len==0) + return; + /* 27 Protocol configuration options Protocol configuration options 9.9.4.11 O TLV 3-253 */ ELEM_OPT_TLV( 0x27 , GSM_A_PDU_TYPE_GM, DE_PRO_CONF_OPT , "" ); @@ -2937,6 +2960,8 @@ nas_esm_mod_eps_bearer_ctx_req(tvbuff_t *tvb, proto_tree *tree, guint32 offset, curr_offset = offset; curr_len = len; + if(len==0) + return; /* 5B New EPS QoS EPS quality of service 9.9.4.3 O TLV 3-11 */ ELEM_OPT_TLV( 0x27 , NAS_PDU_TYPE_ESM, DE_ESM_EPS_QOS , " - New EPS QoS" ); /* 36 TFT Traffic flow template 9.9.4.16 O TLV 3-257 */ @@ -3086,7 +3111,7 @@ static void (*nas_msg_esm_fcn[])(tvbuff_t *tvb, proto_tree *tree, guint32 offset nas_esm_bearer_res_all_rej, /* Bearer resource allocation reject*/ nas_esm_bearer_res_mod_req, /* Bearer resource modification request*/ nas_esm_bearer_res_mod_rej, /* Bearer resource modification reject*/ - NULL, /* ESM information request, No IE:s*/ + nas_esm_inf_req, /* ESM information request, No IE:s*/ nas_esm_inf_resp, /* ESM information response*/ nas_esm_status, /* ESM status */ @@ -3158,6 +3183,7 @@ void get_nas_emm_msg_params(guint8 oct, const gchar **msg_str, int *ett_tree, in return; } +/* EPS session management messages. */ static void disect_nas_eps_esm_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { @@ -3166,13 +3192,40 @@ disect_nas_eps_esm_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) gint ett_tree; int hf_idx; void (*msg_fcn)(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint len); - guint8 oct; + guint8 oct, security_header_type; int offset = 0; len = tvb_length(tvb); + /* 4.4.4.2 + * All ESM messages are integrity protected. + * + */ + security_header_type = 0; +#if 0 + /* 9.3.1 Security header type */ + security_header_type = tvb_get_guint8(tvb,offset)>>4; + proto_tree_add_item(tree, hf_nas_eps_security_header_type, tvb, 0, 1, FALSE); + proto_tree_add_item(tree, hf_gsm_a_L3_protocol_discriminator, tvb, 0, 1, FALSE); + offset++; + if (security_header_type !=0){ + /* Message authentication code */ + proto_tree_add_item(tree, hf_nas_eps_msg_auth_code, tvb, offset, 4, FALSE); + offset+=4; + if ((security_header_type==2)||(security_header_type==4)) + /* Integrity protected and ciphered = 2, Integrity protected and ciphered with new EPS security context = 4 */ + return; + } - /* EPS bearer identity 9.3.2 */ + /* Sequence number */ + proto_tree_add_item(tree, hf_nas_eps_seq_no, tvb, offset, 1, FALSE); + offset++; +#endif + /* The EPS bearer identity and the procedure transaction identity are only used in messages with protocol discriminator + * EPS session management. Octet 1a with the procedure transaction identity shall only be included in these messages. + * + * EPS bearer identity 9.3.2 + */ proto_tree_add_item(tree, hf_nas_eps_bearer_id, tvb, offset, 1, FALSE); /* Protocol discriminator 9.2 */ proto_tree_add_item(tree, hf_gsm_a_L3_protocol_discriminator, tvb, offset, 1, FALSE); @@ -3197,6 +3250,9 @@ disect_nas_eps_esm_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (check_col(pinfo->cinfo, COL_INFO)){ col_append_fstr(pinfo->cinfo, COL_INFO, " %s ", msg_str); } + }else{ + proto_tree_add_text(tree, tvb, offset, 1,"Unknown message 0x%x",oct); + return; } /* @@ -3266,6 +3322,9 @@ dissect_nas_eps_emm_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (check_col(pinfo->cinfo, COL_INFO)){ col_append_fstr(pinfo->cinfo, COL_INFO, " %s ", msg_str); } + }else{ + proto_tree_add_text(tree, tvb, offset, 1,"Unknown message 0x%x",oct); + return; } /* |