author | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2015-09-24 10:56:23 +0200 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2015-09-24 14:41:20 +0000 |
commit | af0e93c05685c8e3ffdca0d48b947767860105a9 (patch) | |
tree | f3081b820e0aadc270eedf5dd4351c9df5af42e7 /epan/dissectors/packet-quic.c | |
parent | fea2e4aaf84aa73d716070643225134b184dd545 (diff) |
QUIC: Fix some issue (Malformed frame) with handshake heuristics
Need to check that there is data before getting a value...
Change-Id: I45592e9a2c55a5bce57a40f7e3153e8f540ca316
Reviewed-on: https://code.wireshark.org/review/10636
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-quic.c')
-rw-r--r-- | epan/dissectors/packet-quic.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c
index 3585eca792..f2ac58203c 100644
--- a/epan/dissectors/packet-quic.c
+++ b/epan/dissectors/packet-quic.c
@@ -553,6 +553,9 @@ static gboolean is_quic_handshake(tvbuff_t *tvb, guint offset, guint16 len_seq){
 /* Error Code */
 offset += 4;
 /* Reason Phrase Length */
+ if (tvb_captured_length_remaining(tvb, offset) <= 2){
+ return FALSE;
+ }
 len_reason = tvb_get_ntohs(tvb, offset);
 offset += 2;
 /* Reason Phrase */
@@ -567,6 +570,9 @@ static gboolean is_quic_handshake(tvbuff_t *tvb, guint offset, guint16 len_seq){
 /* Last Good Stream ID */
 offset += 4;
 /* Reason Phrase Length */
+ if (tvb_captured_length_remaining(tvb, offset) <= 2){
+ return FALSE;
+ }
 len_reason = tvb_get_ntohs(tvb, offset);
 offset += 2;
 /* Reason Phrase */
@@ -615,7 +621,8 @@ static gboolean is_quic_handshake(tvbuff_t *tvb, guint offset, guint16 len_seq){
 /* Data length */
 offset += len_data;
- if ( tvb_captured_length(tvb) <= offset){
+
+ if (tvb_captured_length_remaining(tvb, offset) <= 4){
 return FALSE;
 }
@@ -645,7 +652,7 @@ static gboolean is_quic_handshake(tvbuff_t *tvb, guint offset, guint16 len_seq){
 offset += 2;
 /* Num Timestamp */
- if ( tvb_captured_length(tvb) <= offset){
+ if (tvb_captured_length_remaining(tvb, offset) <= 1){
 return FALSE;
 }
 num_timestamp = tvb_get_guint8(tvb, offset);
@@ -664,7 +671,7 @@ static gboolean is_quic_handshake(tvbuff_t *tvb, guint offset, guint16 len_seq){
 if(frame_type & FTFLAGS_ACK_N){
 /* Num Ranges */
- if ( tvb_captured_length(tvb) <= offset){
+ if (tvb_captured_length_remaining(tvb, offset) <= 1){
 return FALSE;
 }
 num_ranges = tvb_get_guint8(tvb, offset);
@@ -674,7 +681,7 @@ static gboolean is_quic_handshake(tvbuff_t *tvb, guint offset, guint16 len_seq){
 offset += num_ranges*(len_missing_packet+1);
 /* Num Revived */
- if ( tvb_captured_length(tvb) <= offset){
+ if (tvb_captured_length_remaining(tvb, offset) <= 1){
 return FALSE;
 }
 num_revived = tvb_get_guint8(tvb, offset); |
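Review bot: The new guards demand one byte more than the read that follows them needs: `tvb_captured_length_remaining(tvb, offset) <= 2` in front of `tvb_get_ntohs` returns FALSE when exactly two captured bytes remain, which is enough for the 16-bit Reason Phrase Length. If that strictness is not deliberate, `if (tvb_captured_length_remaining(tvb, offset) < 2){` states the actual requirement; the same pattern recurs in the second Reason Phrase Length hunk, in the three `<= 1` guards before `tvb_get_guint8` (Num Timestamp, Num Ranges, Num Revived), and presumably in the `<= 4` guard after Data length, whose read lies outside the hunk. For the one-byte reads the removed `tvb_captured_length(tvb) <= offset` test already guaranteed a byte, so the new form makes the heuristic refuse captures that end on those fields. If the extra byte is intended because further fields must follow, a short comment such as `/* need the 2-byte length plus at least one following byte */` would keep a later reader from "correcting" the bound. is_quic_handshake begins and ends outside these hunks, so whether the skips driven by packet-supplied lengths (`offset += len_data`, the reason phrase skip) are bounded before the next read cannot be confirmed from here.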