author | Laurent Deniel <laurent.deniel@free.fr> | 2003-03-08 14:21:15 +0000 |
---|---|---|
committer | Laurent Deniel <laurent.deniel@free.fr> | 2003-03-08 14:21:15 +0000 |
commit | 96a5616adaff9bf12a650d922e5b4a6b8ccea31f (patch) | |
tree | f87ac892de39462fd6807d051ce3f50aa2ab4229 /packet-smpp.c | |
parent | 642d0944193dff6bda86b234454ab5e4703d7fbb (diff) |
The SMPP dissector's heuristic is too weak and
it wrongly decodes non-SMPP packets.
Check that the overall PDU size is not greater
than 64K before agreeing to decode the packet.
This check is valid at least as of SMPP v3.4 issue 1.2.
svn path=/trunk/; revision=7326
Diffstat (limited to 'packet-smpp.c')
-rw-r--r-- | packet-smpp.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/packet-smpp.c b/packet-smpp.c
index 6df90111b9..14fb8cc042 100644
--- a/packet-smpp.c
+++ b/packet-smpp.c
@@ -2,7 +2,7 @@
 * Routines for Short Message Peer to Peer dissection
 * Copyright 2001, Tom Uijldert <tom.uijldert@cmg.nl>
 *
- * $Id: packet-smpp.c,v 1.9 2002/08/13 09:03:23 guy Exp $
+ * $Id: packet-smpp.c,v 1.10 2003/03/08 14:21:15 deniel Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@@ -1293,6 +1293,7 @@ data_sm_resp(proto_tree *tree, tvbuff_t *tvb)
 * a genuine SMPP PDU here.
 * Only works when:
 * at least the fixed header is there
+ * it has a correct overall PDU length
 * it is a 'well-known' operation
 * has a 'well-known' status
 */
@@ -1301,9 +1302,13 @@ dissect_smpp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
 guint command_id; /* SMPP command */
 guint command_status; /* Status code */
+ guint command_length; /* length of PDU */
 if (tvb_reported_length(tvb) < 4 * 4) /* Mandatory header */
 return FALSE;
+ command_length = tvb_get_ntohl(tvb, 0);
+ if (command_length > 64 * 1024)
+ return FALSE;
 command_id = tvb_get_ntohl(tvb, 4); /* Only known commands */
 if (match_strval(command_id, vals_command_id) == NULL)
 return FALSE; |
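Review bot: The new length test in dissect_smpp_heur only bounds command_length from above, so a value smaller than the 16-byte mandatory header (including 0) still passes the heuristic. command_length is the overall PDU length and includes the header, so the guard could reject short values as well: `if (command_length < 4 * 4 || command_length > 64 * 1024) return FALSE;`. The field is also never compared with the length the tvb reports; if that is deliberate because a PDU may span several segments, a one-line comment such as `/* PDU may be split across segments, so do not compare with tvb length */` would record it. The body of dissect_smpp_heur continues past the end of this hunk, so any later checks are not visible here.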