diff options
| author | Guy Harris <guy@alum.mit.edu> | 2004-06-15 09:23:59 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2004-06-15 09:23:59 +0000 |
| commit | f6b5e5a7ecf73f526c9b440d32ce7e2d50225435 (patch) | |
| tree | a202c94e6bc42faa35dc617b769fcd53dd2f5321 /packet-ncp2222.inc | |
| parent | bc2aa5d20e28128c88f8ae4dcb8160a26bbe4c9d (diff) | |
From Greg Morris:
Fix a bug in the dissection of multiple NDS messages being sent
at the same time that the dissector was attempting to desegment
data spanning multiple packets. When a message was encountered
during the desegmentation code the dissector would
misinterpret the new message as an element in the data stream.
Code was added to validate the desegmentation handle and
validate which messages actually contain segmented data.
svn path=/trunk/; revision=11147
Diffstat (limited to 'packet-ncp2222.inc')
| -rw-r--r-- | packet-ncp2222.inc | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/packet-ncp2222.inc b/packet-ncp2222.inc index 56768238a3..1d6e426af4 100644 --- a/packet-ncp2222.inc +++ b/packet-ncp2222.inc @@ -11,7 +11,7 @@ * Portions Copyright (c) Gilbert Ramirez 2000-2002 * Portions Copyright (c) Novell, Inc. 2000-2003 * - * $Id: packet-ncp2222.inc,v 1.70 2004/02/29 08:01:22 guy Exp $ + * $Id: packet-ncp2222.inc,v 1.71 2004/06/15 09:23:59 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -4127,7 +4127,7 @@ nds_defrag(tvbuff_t *tvb, packet_info *pinfo, guint16 nw_connection, guint8 sequ for (i = 0; i < 9; i++) { if (!frags[i].nds_fragmented) { - frags[i].nds_frag = 0; + frags[i].nds_frag = 0xfffffff0; } } /* Check to see if defragmentation is enabeled in the dissector */ @@ -4173,13 +4173,14 @@ nds_defrag(tvbuff_t *tvb, packet_info *pinfo, guint16 nw_connection, guint8 sequ } /* Get the fragment flag */ nds_frag = tvb_get_letohl(tvb, 12); + /* Now we need to find if this is a new fragment or already one defined. */ /* We currently limit the maximum number of simultaneous fragments to 100. */ for (i=0; i<100; i++) { - if (frags[i].nds_frag == nds_frag || frags[i].nds_frag == 0) + if (frags[i].nds_frag == nds_frag || frags[i].nds_frag == 0xfffffff0) { - if (frags[i].nds_frag == 0) + if (frags[i].nds_frag == 0xfffffff0) { frags[i].nds_length = 0; frags[i].nds_frag = nds_frag; @@ -4190,6 +4191,13 @@ nds_defrag(tvbuff_t *tvb, packet_info *pinfo, guint16 nw_connection, guint8 sequ } frag_count = i; + /* is this the end of an existing fragment or just another reply */ + if (nds_frag == 0xffffffff && request_value->nds_frag_num == 0xffffffff) + { + dissect_ncp_reply(tvb, pinfo, nw_connection, sequence, type, tree); + return; + } + /* Now we process the fragments */ if (request_value->nds_frag || (request_value->nds_end_frag == pinfo->fd->num)) { @@ -4263,7 +4271,7 @@ nds_defrag(tvbuff_t *tvb, packet_info *pinfo, guint16 nw_connection, guint8 sequ break; } } - if (frags[i].nds_frag == 0) + if (frags[i].nds_frag == 0xffffffff) { /* Error can't find fragment */ /*g_assert(0);*/ @@ -4784,7 +4792,7 @@ dissect_ncp_reply(tvbuff_t *tvb, packet_info *pinfo, error_string = ncp_error_string(ncp_rec->errors, completion_code); } else { - error_string = "Not OK"; + error_string = "Original Request Packet not Found"; } } if (type == NCP_SERVICE_REPLY && ncp_rec && ncp_rec->func==0x68 && @@ -8222,6 +8230,8 @@ dissect_nds_request(tvbuff_t *tvb, packet_info *pinfo, if (ncp_rec && !ncp_tree) { run_req_cond = TRUE; } + /* Keep track of the Fragment number in the request for defrag logic */ + request_value->nds_frag_num = nds_frag; } /* If we have to handle a request condition, or have to |