author | Anders Broman <anders.broman@ericsson.com> | 2013-07-10 05:08:06 +0000 |
---|---|---|
committer | Anders Broman <anders.broman@ericsson.com> | 2013-07-10 05:08:06 +0000 |
commit | d3e9ec675a21f9a52871c271855de7575868b792 (patch) | |
tree | 25de832b487279a5b687ed809f13cb8f65c1e864 /epan/dissectors/packet-scsi-osd.c | |
parent | eff82505550120c77e47ea90d79ca5ccd2ca4c36 (diff) |
From Javier Godoy:
Proper dissection of responses with insufficient allocation length.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8919
svn path=/trunk/; revision=50481
Diffstat (limited to 'epan/dissectors/packet-scsi-osd.c')
-rw-r--r-- | epan/dissectors/packet-scsi-osd.c | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/epan/dissectors/packet-scsi-osd.c b/epan/dissectors/packet-scsi-osd.c
index 96c62303d7..e5f7f4f0fc 100644
--- a/epan/dissectors/packet-scsi-osd.c
+++ b/epan/dissectors/packet-scsi-osd.c
@@ -1220,14 +1220,19 @@ dissect_osd_list_identifier(tvbuff_t *tvb, int offset, proto_tree *tree)
 return offset;
 }
-static int
-dissect_osd_allocation_length(tvbuff_t *tvb, int offset, proto_tree *tree)
+static void
+dissect_osd_allocation_length(tvbuff_t *tvb, int offset, proto_tree *tree, scsi_task_data_t *cdata)
 {
 /* allocation length */
 proto_tree_add_item(tree, hf_scsi_osd_allocation_length, tvb, offset, 8, ENC_BIG_ENDIAN);
- offset+=8;
- return offset;
+ if (cdata) {
+ guint64 alloc_len = tvb_get_ntoh64(tvb,offset);
+ if (alloc_len>G_GINT64_CONSTANT(0xFFFFFFFF)) {
+ alloc_len=G_GINT64_CONSTANT(0xFFFFFFFF);
+ }
+ cdata->itlq->alloc_len=(guint32)alloc_len;
+ }
 }
 static int
@@ -1310,7 +1315,7 @@ dissect_osd_list(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 if (osd2) {
 /* allocation length */
- dissect_osd_allocation_length(tvb, offset, tree);
+ dissect_osd_allocation_length(tvb, offset, tree, cdata);
 offset+=8;
 /* initial object id */
@@ -1326,7 +1331,7 @@ dissect_osd_list(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 offset+=4;
 /* allocation length */
- dissect_osd_allocation_length(tvb, offset, tree);
+ dissect_osd_allocation_length(tvb, offset, tree, cdata);
 offset+=8;
 /* initial object id */
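Review bot: In the new `dissect_osd_allocation_length`, the guard `if (cdata)` does not cover the `cdata->itlq` dereference that follows, so a task with no ITLQ record attached would crash the dissector on captured input; the same unguarded `cdata->itlq->alloc_len` read appears in the response branch of `dissect_osd_list` further down, where `cdata` itself is not checked either. I would write `if (cdata && cdata->itlq) {` here and add an equivalent early check before the read in the response branch. Whether `itlq` can actually be NULL is not visible in this diff, so confirm against the callers. The clamp constant would also read better unsigned, `G_GUINT64_CONSTANT(0xFFFFFFFF)`, since `alloc_len` is a `guint64`.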
@@ -1360,17 +1365,23 @@ dissect_osd_list(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, if(!isreq && !iscdb){ guint64 additional_length; + guint64 allocation_length; + guint64 remaining_length; gboolean is_root; guint8 format; - if (osd2&&tvb_length_remaining(tvb, offset)<24) return; - /* attribute data in */ dissect_osd_attribute_data_in(pinfo, tvb, offset, tree, cdata); + allocation_length=cdata->itlq->alloc_len; + remaining_length=tvb_length_remaining(tvb, offset); + if (remaining_length<allocation_length) allocation_length=remaining_length; + if (allocation_length<24) return; + /* dissection of the LIST DATA-IN */ /* additional length */ additional_length=tvb_get_ntoh64(tvb, offset); + if (allocation_length<additional_length) additional_length=allocation_length; dissect_osd_additional_length(tvb, offset, tree); @@ -2609,7 +2620,7 @@ dissect_osd_list_collection(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, offset+=4; /* allocation length */ - dissect_osd_allocation_length(tvb, offset, tree); + dissect_osd_allocation_length(tvb, offset, tree, cdata); offset+=8; /* initial object id */ |
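Review bot: `remaining_length=tvb_length_remaining(tvb, offset);` stores a signed return value in a `guint64`, so if the call reports a negative length (offset past the end of the buffer) the value becomes enormous and the `remaining_length<allocation_length` clamp never applies; the removed check compared the signed result with 24 directly. Keep the result signed and test it first, e.g. `gint remaining=tvb_length_remaining(tvb, offset); if (remaining<24) return;`, and only then clamp `allocation_length` to it. The early return on `allocation_length<24` also depends on `alloc_len` having been recorded from the request; presumably it is 0 when the request was not captured, in which case the LIST data is silently skipped, and that deserves a comment such as `/* alloc_len is 0 when the request was not seen: nothing to dissect */`. The body of `dissect_osd_list` continues outside this hunk.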