authorGuy Harris <guy@alum.mit.edu>2018-05-31 10:22:49 -0700
committerGuy Harris <guy@alum.mit.edu>2018-05-31 17:23:28 +0000
commit00f51fef21288100ee5b47aa51610533966de35a (patch)
tree0841790f02b6949a2da3f1958c78d281d13cf4e6 /plugins
parent64a2b4101adc57c11677789c8ecdfbbcc3e600e2 (diff)
Don't check the CRC if the message isn't big enough to have a CRC.
We should really do a better length check. This also suggests that we might be going past the length if it's too short - should we create a new tvbuff, with tvb_subset_length(), and dissect based on that? Bug: 14780 Change-Id: Iaaab529f34b0168ad74c7b4f3e1b4255504c1b57 Reviewed-on: https://code.wireshark.org/review/27930 Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'plugins')
-rw-r--r--plugins/epan/wimax/wimax_harq_map_decoder.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/plugins/epan/wimax/wimax_harq_map_decoder.c b/plugins/epan/wimax/wimax_harq_map_decoder.c
index 1d2a5bfdc7..ae6156f25e 100644
--- a/plugins/epan/wimax/wimax_harq_map_decoder.c
+++ b/plugins/epan/wimax/wimax_harq_map_decoder.c
@@ -108,6 +108,7 @@ static int dissector_wimax_harq_map_decoder(tvbuff_t *tvb, packet_info *pinfo, p
/* display the DL IE count */
proto_tree_add_item(harq_map_tree, hf_harq_dl_ie_count, tvb, offset, 3, ENC_BIG_ENDIAN);
/* get the message length */
+ /* XXX - make sure the length isn't smaller than the minimum */
length = ((first_24bits & WIMAX_HARQ_MAP_MSG_LENGTH_MASK) >> WIMAX_HARQ_MAP_MSG_LENGTH_SHIFT);
/* get the DL IE count */
dl_ie_count = ((first_24bits & WIMAX_HARQ_MAP_DL_IE_COUNT_MASK) >> WIMAX_HARQ_MAP_DL_IE_COUNT_SHIFT);
@@ -151,9 +152,11 @@ static int dissector_wimax_harq_map_decoder(tvbuff_t *tvb, packet_info *pinfo, p
/* add the CRC info */
proto_item_append_text(parent_item, ",CRC");
/* calculate the HARQ MAM Message CRC */
- calculated_crc = wimax_mac_calc_crc32(tvb_get_ptr(tvb, 0, length - (int)sizeof(harq_map_msg_crc)), length - (int)sizeof(harq_map_msg_crc));
- proto_tree_add_checksum(tree, tvb, length - (int)sizeof(harq_map_msg_crc), hf_harq_map_msg_crc, hf_harq_map_msg_crc_status, &ei_harq_map_msg_crc,
- pinfo, calculated_crc, ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY);
+ if (length >= (int)sizeof(harq_map_msg_crc)) {
+ calculated_crc = wimax_mac_calc_crc32(tvb_get_ptr(tvb, 0, length - (int)sizeof(harq_map_msg_crc)), length - (int)sizeof(harq_map_msg_crc));
+ proto_tree_add_checksum(tree, tvb, length - (int)sizeof(harq_map_msg_crc), hf_harq_map_msg_crc, hf_harq_map_msg_crc_status, &ei_harq_map_msg_crc,
+ pinfo, calculated_crc, ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY);
+ }
}
return tvb_captured_length(tvb);
}
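Review bot: The new guard `if (length >= (int)sizeof(harq_map_msg_crc))` only keeps the subtraction from going negative. `length` is still a value taken from the frame's first 24 bits and is not compared here with the header size or with the bytes actually present, so a length equal to the CRC size yields a CRC over zero bytes, and a length beyond the buffer is presumably left to the tvbuff bounds exception; the XXX comment added in the first hunk marks the same gap. Consider validating it where it is extracted, against a named minimum (header plus CRC) and against `tvb_reported_length(tvb)`. When the guard fails, the checksum is skipped silently, so the frame shows ",CRC" but no checksum item and no reason why; an `else` branch calling `expert_add_info()` with a new expert-info field (to be registered) would make the malformed length visible to the analyst. The function body starts before this hunk, so the other uses of `length` cannot be checked from here.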