author | Evan Huus <eapache@gmail.com> | 2013-07-10 00:32:57 +0000 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2013-07-10 00:32:57 +0000 |
commit | e2768d027c609f8c4b39a1f7e0288be2421ec5d8 (patch) | |
tree | 6b28de3439131d22a6800428ceb5493c6d602a4c /epan | |
parent | 83322789d1b0fd22270a866c1db1f4c5a3835e61 (diff) |
The last bits of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828
Convert the last DISSECTOR_ASSERTs into potential expert infos, and do the right
offset manipulation and verification to avoid long (or infinite) loops when
those conditions are hit. This includes fixing some long loops I accidentally
introduced in r50432.
svn path=/trunk/; revision=50478
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-dcom-sysact.c | 100 |
1 files changed, 84 insertions, 16 deletions
diff --git a/epan/dissectors/packet-dcom-sysact.c b/epan/dissectors/packet-dcom-sysact.c
index 2f963b8d3e..ea83a44f16 100644
--- a/epan/dissectors/packet-dcom-sysact.c
+++ b/epan/dissectors/packet-dcom-sysact.c
@@ -258,6 +258,8 @@ dissect_dcom_Property_Guid(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 }
 else {
 /* TODO: expert info */
+ tvb_ensure_bytes_exist(tvb, offset, 16);
+ offset += 16;
 }
 return offset;
@@ -287,6 +289,8 @@ dissect_dcom_Property_Size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 }
 else {
 /* TODO: expert info */
+ tvb_ensure_bytes_exist(tvb, offset, 4);
+ offset += 4;
 }
 return offset;
@@ -488,6 +492,11 @@ dissect_dcom_SpecialSystemProperties(tvbuff_t *tvb, gint offset, packet_info *pi
 old_offset = offset;
+ if (size <= 0) {
+ /* TODO: expert info */
+ size = -1;
+ }
 sub_item = proto_tree_add_text(tree, tvb, offset, size, "SpecialSystemProperties");
 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_spclsysprop);
@@ -528,8 +537,11 @@ dissect_dcom_SpecialSystemProperties(tvbuff_t *tvb, gint offset, packet_info *pi
 }
 len = offset - old_offset;
- DISSECTOR_ASSERT(len <= size);
- if (size-len) {
+ if (size < len) {
+ /* TODO expert info */
+ size = len;
+ }
+ else if (size > len) {
 proto_tree_add_text(sub_tree, tvb, offset, size - len, "UnusedBuffer: %d bytes", size - len);
 }
@@ -567,6 +579,11 @@ dissect_dcom_InstantiationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 old_offset = offset;
+ if (size <= 0) {
+ /* TODO: expert info */
+ size = -1;
+ }
 sub_item = proto_tree_add_text(tree, tvb, offset, size, "InstantiationInfo");
 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_instantianinfo);
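Review bot: The new fallback in dissect_dcom_Property_Guid still sits under `/* TODO: expert info */`, so a property that lands in this branch is skipped with no marker in the tree, and nothing says why exactly 16 bytes are consumed. I would put the reason next to the skip, e.g. `/* unexpected size: still consume the fixed 16-byte GUID so the caller's offset advances; tvb_ensure_bytes_exist() throws on a short buffer */`. The condition guarding this else branch is outside the hunk, so the "unexpected size" wording is inferred and should be checked against it. The 4-byte fallback added to dissect_dcom_Property_Size has the same gap.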
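Review bot: The added `size <= 0` guard in dissect_dcom_SpecialSystemProperties normalises only the lower bound of `size`, and the magic `-1` is left unexplained. A comment such as `/* -1: let the item run to the end of the tvb; size is re-derived from len once the body is dissected */` would document the intent. `size` appears to come from the packet (its assignment is outside the hunk), so it is also worth confirming that an oversized positive value is stopped by the tvb bounds check and that no later `old_offset + size` can wrap a gint. A zero or negative buffer size suggests a malformed or crafted packet, so the TODO should become a malformed-severity expert info on `sub_item` rather than a silent fix-up. The same guard is repeated in the InstantiationInfo, ActivationContextInfo, SecurtiyInfo, LocationInfo, ScmRqstInfo, PropsOutInfo and ScmReplyInfo hunks.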
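Review bot: When `size < len` the new branch only overwrites `size`, so `sub_item`, created earlier in dissect_dcom_SpecialSystemProperties with the declared length (or -1), keeps a range that does not match the bytes actually dissected. Adding `proto_item_set_len(sub_item, len);` next to `size = len;` would keep the highlighted range accurate until the expert info is written. How `size` is used after this block is outside the hunk, so whether the returned offset depends on it cannot be checked here. The identical tail is pasted into seven more functions (InstantiationInfo through ScmReplyInfo); a small static helper taking `sub_item`, `sub_tree`, `offset`, `size` and `len` would keep the eight copies from drifting when the TODOs are filled in.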
@@ -597,8 +614,11 @@ dissect_dcom_InstantiationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
 len = offset - old_offset;
- DISSECTOR_ASSERT(len <= size);
- if (size-len) {
+ if (size < len) {
+ /* TODO expert info */
+ size = len;
+ }
+ else if (size > len) {
 proto_tree_add_text(sub_tree, tvb, offset, size - len, "UnusedBuffer: %d bytes", size - len);
 }
@@ -642,6 +662,11 @@ dissect_dcom_ActivationContextInfo(tvbuff_t *tvb, gint offset, packet_info *pinf
 old_offset = offset;
+ if (size <= 0) {
+ /* TODO: expert info */
+ size = -1;
+ }
 sub_item = proto_tree_add_text(tree, tvb, offset, size, "ActivationContextInfo");
 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_actctxinfo);
@@ -665,8 +690,11 @@ dissect_dcom_ActivationContextInfo(tvbuff_t *tvb, gint offset, packet_info *pinf
 offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
 len = offset - old_offset;
- DISSECTOR_ASSERT(len <= size);
- if (size-len) {
+ if (size < len) {
+ /* TODO expert info */
+ size = len;
+ }
+ else if (size > len) {
 proto_tree_add_text(sub_tree, tvb, offset, size - len, "UnusedBuffer: %d bytes", size - len);
 }
@@ -730,6 +758,11 @@ dissect_dcom_SecurtiyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 old_offset = offset;
+ if (size <= 0) {
+ /* TODO: expert info */
+ size = -1;
+ }
 sub_item = proto_tree_add_text(tree, tvb, offset, size, "SecurityInfo");
 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_securityinfo);
@@ -745,8 +778,11 @@ dissect_dcom_SecurtiyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
 len = offset - old_offset;
- DISSECTOR_ASSERT(len <= size);
- if (size-len) {
+ if (size < len) {
+ /* TODO expert info */
+ size = len;
+ }
+ else if (size > len) {
 proto_tree_add_text(sub_tree, tvb, offset, size - len, "UnusedBuffer: %d bytes", size - len);
 }
@@ -765,6 +801,11 @@ dissect_dcom_LocationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 old_offset = offset;
+ if (size <= 0) {
+ /* TODO: expert info */
+ size = -1;
+ }
 sub_item = proto_tree_add_text(tree, tvb, offset, size, "LocationInfo");
 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_locationinfo);
@@ -784,8 +825,11 @@ dissect_dcom_LocationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
 len = offset - old_offset;
- DISSECTOR_ASSERT(len <= size);
- if (size-len) {
+ if (size < len) {
+ /* TODO expert info */
+ size = len;
+ }
+ else if (size > len) {
 proto_tree_add_text(sub_tree, tvb, offset, size - len, "UnusedBuffer: %d bytes", size - len);
 }
@@ -855,6 +899,11 @@ dissect_dcom_ScmRqstInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 old_offset = offset;
+ if (size <= 0) {
+ /* TODO: expert info */
+ size = -1;
+ }
 sub_item = proto_tree_add_text(tree, tvb, offset, size, "ScmRequestInfo");
 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_scmrqstinfo);
@@ -869,8 +918,11 @@ dissect_dcom_ScmRqstInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
 len = offset - old_offset;
- DISSECTOR_ASSERT(len <= size);
- if (size-len) {
+ if (size < len) {
+ /* TODO expert info */
+ size = len;
+ }
+ else if (size > len) {
 proto_tree_add_text(sub_tree, tvb, offset, size - len, "UnusedBuffer: %d bytes", size - len);
 }
@@ -958,6 +1010,11 @@ dissect_dcom_PropsOutInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 old_offset = offset;
+ if (size <= 0) {
+ /* TODO: expert info */
+ size = -1;
+ }
 sub_item = proto_tree_add_text(tree, tvb, offset, size, "PropertiesOutput");
 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_propsoutput);
@@ -975,8 +1032,11 @@ dissect_dcom_PropsOutInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
 len = offset - old_offset;
- DISSECTOR_ASSERT(len <= size);
- if (size-len) {
+ if (size < len) {
+ /* TODO expert info */
+ size = len;
+ }
+ else if (size > len) {
 proto_tree_add_text(sub_tree, tvb, offset, size - len, "UnusedBuffer: %d bytes", size - len);
 }
@@ -1067,6 +1127,11 @@ dissect_dcom_ScmReplyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 old_offset = offset;
+ if (size <= 0) {
+ /* TODO: expert info */
+ size = -1;
+ }
 sub_item = proto_tree_add_text(tree, tvb, offset, size, "ScmReplyInfo");
 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_scmrespinfo);
@@ -1081,8 +1146,11 @@ dissect_dcom_ScmReplyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
 len = offset - old_offset;
- DISSECTOR_ASSERT(len <= size);
- if (size-len) {
+ if (size < len) {
+ /* TODO expert info */
+ size = len;
+ }
+ else if (size > len) {
 proto_tree_add_text(sub_tree, tvb, offset, size - len, "UnusedBuffer: %d bytes", size - len);
 } |