authorPascal Quantin <pascal.quantin@gmail.com>2016-08-18 21:15:52 +0200
committerAnders Broman <a.broman58@gmail.com>2016-08-19 06:28:08 +0000
commitd1c763c3f68c764ed7da85c79c4b000e5dad7ffb (patch)
tree4cec168375cfb49c33d3216117bffeac52e384fa /epan/dissectors/packet-nas_eps.c
parent8963303df76537d9520a3e9c431cb420fdcd7707 (diff)
NAS EPS: fix dissection of multiple partial tracking area identity list
As reported on https://ask.wireshark.org/questions/54955/nas-tracking-area-identity-list-decoding-not-proper Change-Id: I8c4ed1982e1d72136558fb381d2d15b15c9e376c Reviewed-on: https://code.wireshark.org/review/17151 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-nas_eps.c')
-rw-r--r--epan/dissectors/packet-nas_eps.c129
1 files changed, 65 insertions, 64 deletions
diff --git a/epan/dissectors/packet-nas_eps.c b/epan/dissectors/packet-nas_eps.c
index f5e3b20c75..4ffcb63899 100644
--- a/epan/dissectors/packet-nas_eps.c
+++ b/epan/dissectors/packet-nas_eps.c
@@ -1724,78 +1724,79 @@ de_emm_trac_area_id_lst(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo,
curr_offset = offset;
- proto_tree_add_bits_item(tree, hf_nas_eps_spare_bits, tvb, curr_offset<<3, 1, ENC_BIG_ENDIAN);
- /* Type of list (octet 1) Bits 7 6 */
- proto_tree_add_item(tree, hf_nas_eps_emm_tai_tol, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
- /* Number of elements (octet 1) Bits 5 4 3 2 1 */
- octet = tvb_get_guint8(tvb,curr_offset)& 0x7f;
- tol = octet >> 5;
- n_elem = (octet & 0x1f)+1;
- item = proto_tree_add_item(tree, hf_nas_eps_emm_tai_n_elem, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
- if (n_elem<16)
- proto_item_append_text(item, " [+1 = %u element(s)]", n_elem);
-
- curr_offset++;
- if (tol>2) {
- proto_tree_add_expert(tree, pinfo, &ei_nas_eps_unknown_type_of_list, tvb, curr_offset, len-(curr_offset-offset));
- return len;
- }
-
- switch (tol) {
- case 0:
- /* MCC digit 2 MCC digit 1 octet 2
- * MNC digit 3 MCC digit 3 octet 3
- * MNC digit 2 MNC digit 1 octet 4
- */
- curr_offset = dissect_e212_mcc_mnc(tvb, pinfo, tree, curr_offset, E212_NONE, TRUE);
- /* type of list = "000" */
- /* TAC 1 octet 5
- * TAC 1 (continued) octet 6
- * ...
- * ...
- * TAC k octet 2k+3*
- * TAC k (continued) octet 2k+4*
- */
- if (len < (guint)(4+(n_elem*2))) {
- proto_tree_add_expert(tree, pinfo, &ei_nas_eps_wrong_nb_of_elems, tvb, curr_offset, len-(curr_offset-offset));
- return len;
- }
- for (i=0; i < n_elem; i++, curr_offset+=2)
- proto_tree_add_item(tree, hf_nas_eps_emm_tai_tac, tvb, curr_offset, 2, ENC_BIG_ENDIAN);
- break;
- case 1:
+ while ((curr_offset - offset) < len) {
+ proto_tree_add_bits_item(tree, hf_nas_eps_spare_bits, tvb, curr_offset<<3, 1, ENC_BIG_ENDIAN);
+ /* Type of list (octet 1) Bits 7 6 */
+ proto_tree_add_item(tree, hf_nas_eps_emm_tai_tol, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
+ /* Number of elements (octet 1) Bits 5 4 3 2 1 */
+ octet = tvb_get_guint8(tvb,curr_offset)& 0x7f;
+ tol = octet >> 5;
+ n_elem = (octet & 0x1f)+1;
+ item = proto_tree_add_item(tree, hf_nas_eps_emm_tai_n_elem, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
+ if (n_elem<16)
+ proto_item_append_text(item, " [+1 = %u element(s)]", n_elem);
- /* type of list = "010" */
- /* MCC digit 2 MCC digit 1 octet 2
- * MNC digit 3 MCC digit 3 octet 3
- * MNC digit 2 MNC digit 1 octet 4
- */
- curr_offset = dissect_e212_mcc_mnc(tvb, pinfo, tree, curr_offset, E212_NONE, TRUE);
- proto_tree_add_item(tree, hf_nas_eps_emm_tai_tac, tvb, curr_offset, 2, ENC_BIG_ENDIAN);
- curr_offset+=2;
- break;
- case 2:
- if (len< (guint)(1+(n_elem*5))) {
- proto_tree_add_expert(tree, pinfo, &ei_nas_eps_wrong_nb_of_elems, tvb, curr_offset, len-(curr_offset-offset));
- return len;
- }
+ curr_offset++;
+ if (tol>2) {
+ proto_tree_add_expert(tree, pinfo, &ei_nas_eps_unknown_type_of_list, tvb, curr_offset, len-(curr_offset-offset));
+ return len;
+ }
- for (i=0; i < n_elem; i++) {
+ switch (tol) {
+ case 0:
+ /* MCC digit 2 MCC digit 1 octet 2
+ * MNC digit 3 MCC digit 3 octet 3
+ * MNC digit 2 MNC digit 1 octet 4
+ */
+ curr_offset = dissect_e212_mcc_mnc(tvb, pinfo, tree, curr_offset, E212_NONE, TRUE);
+ /* type of list = "000" */
+ /* TAC 1 octet 5
+ * TAC 1 (continued) octet 6
+ * ...
+ * ...
+ * TAC k octet 2k+3*
+ * TAC k (continued) octet 2k+4*
+ */
+ if (len < (guint)(4+(n_elem*2))) {
+ proto_tree_add_expert(tree, pinfo, &ei_nas_eps_wrong_nb_of_elems, tvb, curr_offset, len-(curr_offset-offset));
+ return len;
+ }
+ for (i=0; i < n_elem; i++, curr_offset+=2)
+ proto_tree_add_item(tree, hf_nas_eps_emm_tai_tac, tvb, curr_offset, 2, ENC_BIG_ENDIAN);
+ break;
+ case 1:
/* type of list = "001" */
/* MCC digit 2 MCC digit 1 octet 2
- * MNC digit 3 MCC digit 3 octet 3
- * MNC digit 2 MNC digit 1 octet 4
- */
+ * MNC digit 3 MCC digit 3 octet 3
+ * MNC digit 2 MNC digit 1 octet 4
+ */
curr_offset = dissect_e212_mcc_mnc(tvb, pinfo, tree, curr_offset, E212_NONE, TRUE);
proto_tree_add_item(tree, hf_nas_eps_emm_tai_tac, tvb, curr_offset, 2, ENC_BIG_ENDIAN);
curr_offset+=2;
- }
- break;
- default:
- /* Unknown ( Not in 3GPP TS 24.301 version 8.1.0 Release 8 ) */
- break;
+ break;
+ case 2:
+ if (len< (guint)(1+(n_elem*5))) {
+ proto_tree_add_expert(tree, pinfo, &ei_nas_eps_wrong_nb_of_elems, tvb, curr_offset, len-(curr_offset-offset));
+ return len;
+ }
+ for (i=0; i < n_elem; i++) {
+ /* type of list = "010" */
+ /* MCC digit 2 MCC digit 1 octet 2
+ * MNC digit 3 MCC digit 3 octet 3
+ * MNC digit 2 MNC digit 1 octet 4
+ */
+ curr_offset = dissect_e212_mcc_mnc(tvb, pinfo, tree, curr_offset, E212_NONE, TRUE);
+ proto_tree_add_item(tree, hf_nas_eps_emm_tai_tac, tvb, curr_offset, 2, ENC_BIG_ENDIAN);
+ curr_offset+=2;
+ }
+ break;
+ default:
+ /* Unknown ( Not in 3GPP TS 24.301 version 8.1.0 Release 8 ) */
+ EXTRANEOUS_DATA_CHECK(len, curr_offset - offset, pinfo, &ei_nas_eps_extraneous_data);
+ curr_offset = offset + len;
+ break;
+ }
}
- EXTRANEOUS_DATA_CHECK(len, curr_offset - offset, pinfo, &ei_nas_eps_extraneous_data);
return(curr_offset-offset);
}
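Review bot: The two length guards inside the new `while` loop, in `case 0` and `case 2`, still compare the whole IE length `len` against constants that assume the partial list starts at octet 1 (`4+(n_elem*2)` and `1+(n_elem*5)`), so for a second or later partial list they accept an `n_elem` that runs past the end of the IE. The element loops would then label bytes that belong to whatever follows the IE as TACs, and the function can return more than `len`. Measuring from the current position fixes both: `if (len < (guint)((curr_offset-offset)+(n_elem*2)))` in `case 0` and `if (len < (guint)((curr_offset-offset)+(n_elem*5)))` in `case 2`; `case 1` has no guard at all and would want the equivalent check for its 5 octets before the MCC/MNC call. The `default:` arm that now holds `EXTRANEOUS_DATA_CHECK` looks unreachable because `tol>2` returns earlier, so an overrun is no longer reported anywhere. The function's declarations are outside the hunk, so `curr_offset`, `offset` and `len` are assumed to be unsigned here.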