diff options
author | Evan Huus <eapache@gmail.com> | 2014-07-06 08:53:48 -0400 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2014-07-06 16:53:39 +0000 |
commit | be4d42c6ab54169c8c027d3b1871a282fd9d0a9d (patch) | |
tree | 8d1e47e7ccecd1fdd7db3eea54bf390e99f3f8da /epan/dissectors/packet-openflow_v4.c | |
parent | 5886e45179844c412c67a226010a12039ebbcc0a (diff) |
Widen openflow variables and check for underflows
As suggested by Alexis reviewing change Ie76c5a810af927b, this issue was
scattered throughout the v4/v5 openflow dissectors. Hopefully I got all of them.
Original issue found in bug 10259.
Change-Id: Idf87deea34132aec5cd4e8f83264906a29b15568
Reviewed-on: https://code.wireshark.org/review/2878
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-openflow_v4.c')
-rw-r--r-- | epan/dissectors/packet-openflow_v4.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/epan/dissectors/packet-openflow_v4.c b/epan/dissectors/packet-openflow_v4.c index b45996ca97..5e20c045e3 100644 --- a/epan/dissectors/packet-openflow_v4.c +++ b/epan/dissectors/packet-openflow_v4.c @@ -1129,7 +1129,7 @@ dissect_openflow_match_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tre proto_tree *match_tree; guint16 match_type; guint16 match_length; - guint16 fields_end; + gint32 fields_end; guint16 pad_length; match_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_openflow_v4_match, &ti, "Match"); @@ -1972,7 +1972,7 @@ dissect_openflow_action_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tr proto_tree *act_tree; guint16 act_type; guint16 act_length; - guint16 act_end; + gint32 act_end; act_type = tvb_get_ntohs(tvb, offset); act_length = tvb_get_ntohs(tvb, offset + 2); @@ -2358,7 +2358,8 @@ static void dissect_openflow_packet_out_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 length _U_) { proto_tree *data_tree; - guint16 acts_len, acts_end; + guint16 acts_len; + gint32 acts_end; tvbuff_t *next_tvb; gboolean save_writable; gboolean save_in_error_pkt; @@ -2478,7 +2479,7 @@ dissect_openflow_instruction_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tre proto_tree *inst_tree; guint16 inst_type; guint16 inst_length; - guint16 acts_end; + gint32 acts_end; inst_type = tvb_get_ntohs(tvb, offset); inst_length = tvb_get_ntohs(tvb, offset + 2); @@ -2658,7 +2659,7 @@ dissect_openflow_bucket_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tr proto_item *ti; proto_tree *bucket_tree; guint16 bucket_length; - guint16 acts_end; + gint32 acts_end; bucket_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_openflow_v4_bucket, &ti, "Bucket"); @@ -2668,6 +2669,10 @@ dissect_openflow_bucket_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tr proto_tree_add_item(bucket_tree, hf_openflow_v4_bucket_length, tvb, offset, 2, ENC_BIG_ENDIAN); offset+=2; + if (bucket_length < 16) { + bucket_length = 16; + } + /* uint16_t weight; */ proto_tree_add_item(bucket_tree, hf_openflow_v4_bucket_weight, tvb, offset, 2, ENC_BIG_ENDIAN); offset+=2; @@ -3098,7 +3103,7 @@ dissect_openflow_table_features_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_ proto_item *ti; proto_tree *feat_tree; guint16 feat_length; - guint16 feat_end; + gint32 feat_end; feat_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_openflow_v4_table_features, &ti, "Table features"); @@ -3403,7 +3408,7 @@ dissect_openflow_flow_stats_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree proto_item *ti; proto_tree *stats_tree, *flags_tree; guint16 stats_len; - guint16 stats_end; + gint32 stats_end; stats_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_openflow_v4_flow_stats, &ti, "Flow stats"); @@ -3688,7 +3693,7 @@ dissect_openflow_group_stats_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tre proto_item *ti; proto_tree *stats_tree; guint16 stats_len; - guint16 stats_end; + gint32 stats_end; stats_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_openflow_v4_group_stats, &ti, "Group stats"); @@ -3750,7 +3755,7 @@ dissect_openflow_group_desc_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree proto_tree *desc_tree; guint16 desc_len; - guint16 desc_end; + gint32 desc_end; desc_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_openflow_v4_group_desc, &ti, "Group description"); @@ -3996,7 +4001,7 @@ dissect_openflow_meter_config_v4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tr proto_item *ti; proto_tree *conf_tree, *flags_tree; guint16 config_len; - guint16 config_end; + gint32 config_end; conf_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_openflow_v4_meter_config, &ti, "Meter config"); |