afp: replace all calls to THROW() and do proper error handling

Change-Id: Ie471a67a978aeb54727d03f93b98e3e422441a58 Reviewed-on: https://code.wireshark.org/review/9119 Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
author: Martin Kaiser <wireshark@kaiser.cx> 2015-06-24 19:15:43 -0700
committer: Martin Kaiser <wireshark@kaiser.cx> 2015-06-25 15:32:49 +0000
commit: fe6ece9689d54e64e9f1fdc74170da343db16aff (patch)
tree: 89f744ada5298d7e165285aadc644b4b5bd858d6 /epan
parent: 47abcfc74721ea8bac35dbb877db615081720cff (diff)
1 files changed, 46 insertions, 50 deletions
diff --git a/epan/dissectors/packet-afp.c b/epan/dissectors/packet-afp.c
index bed4745f94..1add0ed3a5 100644
--- a/epan/dissectors/packet-afp.c
+++ b/epan/dissectors/packet-afp.c
@@ -3587,22 +3587,23 @@ dissect_reply_afp_map_name(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tr
 static gint
 dissect_query_afp_disconnect_old_session(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, gint offset)
 {
-	int len, orig_offset = offset;
+	guint32 token_len;
 
 	PAD(1);
 
 	proto_tree_add_item(tree, hf_afp_session_token_type, tvb, offset, 2, ENC_BIG_ENDIAN);
 	offset += 2;
 
-	len = tvb_get_ntohl(tvb, offset);
-	proto_tree_add_item(tree, hf_afp_session_token_len, tvb, offset, 4, ENC_BIG_ENDIAN);
+	proto_tree_add_item_ret_uint(tree, hf_afp_session_token_len,
+			tvb, offset, 4, ENC_BIG_ENDIAN, &token_len);
 	offset += 4;
 
-	proto_tree_add_item(tree, hf_afp_session_token, tvb, offset, len, ENC_NA);
-	offset += len;
+	if ((guint32)offset + token_len > G_MAXINT)
+		return offset;
 
-	if (offset <= orig_offset)
-		THROW(ReportedBoundsError);
+	proto_tree_add_item(tree, hf_afp_session_token,
+			tvb, offset, (gint)token_len, ENC_NA);
+	offset += (gint)token_len;
 
 	return offset;
 }
@@ -3612,31 +3613,32 @@ static gint
 dissect_query_afp_get_session_token(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, gint offset)
 {
 	guint16	token;
-	int len, orig_offset = offset;
+	guint32	token_len;
 
 	PAD(1);
+
 	token = tvb_get_ntohs(tvb, offset);
 	proto_tree_add_item(tree, hf_afp_session_token_type, tvb, offset, 2, ENC_BIG_ENDIAN);
 	offset += 2;
 	if (token == kLoginWithoutID || token == kGetKerberosSessionKey) /* 0 || 8 */
 		return offset;
 
-	len = tvb_get_ntohl(tvb, offset);
-	proto_tree_add_item(tree, hf_afp_session_token_len, tvb, offset, 4, ENC_BIG_ENDIAN);
+	proto_tree_add_item_ret_uint(tree, hf_afp_session_token_len,
+			tvb, offset, 4, ENC_BIG_ENDIAN, &token_len);
 	offset += 4;
 
-	switch (token) {
-	case kLoginWithTimeAndID:
-	case kReconnWithTimeAndID:
-		proto_tree_add_item(tree, hf_afp_session_token_timestamp, tvb, offset, 4, ENC_BIG_ENDIAN);
+	if (token==kLoginWithTimeAndID || token==kReconnWithTimeAndID) {
+		proto_tree_add_item(tree, hf_afp_session_token_timestamp,
+				tvb, offset, 4, ENC_BIG_ENDIAN);
 		offset += 4;
 	}
 
-	proto_tree_add_item(tree, hf_afp_session_token, tvb, offset, len, ENC_NA);
-	offset += len;
+	if ((guint32)offset + token_len > G_MAXINT)
+		return offset;
 
-	if (offset <= orig_offset)
-		THROW(ReportedBoundsError);
+	proto_tree_add_item(tree, hf_afp_session_token,
+			tvb, offset, (gint)token_len, ENC_NA);
+	offset += (gint)token_len;
 
 	return offset;
 }
@@ -3645,8 +3647,8 @@ dissect_query_afp_get_session_token(tvbuff_t *tvb, packet_info *pinfo _U_, proto
 static gint
 dissect_reply_afp_get_session_token(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, gint offset)
 {
-	int len, orig_offset = offset;
 	int size;
+	guint32 token_len;
 
 	/* FIXME spec and capture disagree : or it's 4 bytes with no token type, or it's 2 bytes */
 	size = 4;
@@ -3656,15 +3658,16 @@ dissect_reply_afp_get_session_token(tvbuff_t *tvb, packet_info *pinfo _U_, proto
 		offset += 2;
 	}
 	*/
-	len = tvb_get_ntohl(tvb, offset);
-	proto_tree_add_item(tree, hf_afp_session_token_len, tvb, offset, size, ENC_BIG_ENDIAN);
+	proto_tree_add_item_ret_uint(tree, hf_afp_session_token_len,
+			tvb, offset, size, ENC_BIG_ENDIAN, &token_len);
 	offset += size;
 
-	proto_tree_add_item(tree, hf_afp_session_token, tvb, offset, len, ENC_NA);
-	offset += len;
+	if ((guint32)offset + token_len > G_MAXINT)
+		return offset;
 
-	if (offset <= orig_offset)
-		THROW(ReportedBoundsError);
+	proto_tree_add_item(tree, hf_afp_session_token,
+			tvb, offset, (gint)token_len, ENC_NA);
+	offset += (gint)token_len;
 
 	return offset;
 }
@@ -3870,24 +3873,20 @@ dissect_query_afp_get_ext_attr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr
 static gint
 dissect_reply_afp_get_ext_attr(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, gint offset)
 {
-	guint32	 len;
-	guint	 remain;
-	int	 orig_offset = offset;
+	guint32	 extattr_len;
 
 	offset = decode_attr_bitmap(tree, tvb, offset);
 
-	len = tvb_get_ntohl(tvb, offset);
-	proto_tree_add_item(tree, hf_afp_extattr_len, tvb, offset, 4, ENC_BIG_ENDIAN);
+	proto_tree_add_item_ret_uint(tree, hf_afp_extattr_len,
+			tvb, offset, 4, ENC_BIG_ENDIAN, &extattr_len);
 	offset += 4;
 
-	remain =  tvb_reported_length_remaining(tvb, offset);
-	if (len && remain >= len ) {
-		proto_tree_add_item(tree, hf_afp_extattr_data, tvb, offset, len, ENC_NA);
-		offset += len;
-	}
+	if ((guint32)offset + extattr_len > G_MAXINT)
+		return offset;
 
-	if (offset <= orig_offset)
-		THROW(ReportedBoundsError);
+	proto_tree_add_item(tree, hf_afp_extattr_data,
+			tvb, offset, (gint)extattr_len, ENC_NA);
+	offset += (gint)extattr_len;
 
 	return offset;
 }
@@ -4654,30 +4653,27 @@ decode_kauth_ace(tvbuff_t *tvb, proto_tree *tree, gint offset)
 static gint
 decode_kauth_acl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset)
 {
-	int         entries;
-	int         i;
-	proto_tree *sub_tree;
-	proto_tree *ace_tree;
+	guint32     num_entries, i;
+	proto_tree *sub_tree, *ace_tree;
 	proto_item *item;
 
-	/* FIXME: preliminary decoding... */
-	entries = tvb_get_ntohl(tvb, offset);
-
-	item = proto_tree_add_item(tree, hf_afp_acl_entrycount, tvb, offset, 4, ENC_BIG_ENDIAN);
+	item = proto_tree_add_item_ret_uint(tree, hf_afp_acl_entrycount,
+			tvb, offset, 4, ENC_BIG_ENDIAN, &num_entries);
 	sub_tree = proto_item_add_subtree(item, ett_afp_ace_entries);
 	offset += 4;
 
 	proto_tree_add_item(tree, hf_afp_acl_flags, tvb, offset, 4, ENC_BIG_ENDIAN);
 	offset += 4;
 
-	if (entries > AFP_MAX_ACL_ENTRIES) {
-		expert_add_info_format(pinfo, item, &ei_afp_too_many_acl_entries, "Too many ACL entries (%u). Stopping dissection.", entries);
-		THROW(ReportedBoundsError);
+	if (num_entries > AFP_MAX_ACL_ENTRIES) {
+		expert_add_info_format(pinfo, item, &ei_afp_too_many_acl_entries,
+				"Too many ACL entries (%u). Stopping dissection.",
+				num_entries);
+		return offset;
 	}
 
-	for (i = 0; i < entries; i++) {
+	for (i = 0; i < num_entries; i++) {
 		ace_tree = proto_tree_add_subtree_format(sub_tree, tvb, offset, 24, ett_afp_ace_entry, NULL, "ACE: %u", i);
-
 		offset = decode_kauth_ace(tvb, ace_tree, offset);
 	}
author	Martin Kaiser <wireshark@kaiser.cx>	2015-06-24 19:15:43 -0700
committer	Martin Kaiser <wireshark@kaiser.cx>	2015-06-25 15:32:49 +0000
commit	fe6ece9689d54e64e9f1fdc74170da343db16aff (patch)
tree	89f744ada5298d7e165285aadc644b4b5bd858d6 /epan
parent	47abcfc74721ea8bac35dbb877db615081720cff (diff)