diff options
author | Gerald Combs <gerald@wireshark.org> | 2018-01-09 09:45:13 -0800 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-01-10 09:19:06 +0000 |
commit | 5dbc1d8d1c14aea4fda820567d6ac0e226027ed3 (patch) | |
tree | 62af7258bfe87cfd81a2e7e9e66c9ca12a4b0abe /wiretap/vwr.c | |
parent | 33708998b4e0fdc47132f00b6d1e081c86fdbf6a (diff) |
IxVeriWave: Adjust signature timestamp checking.
Move the signature timestamp bounds checks inside get_signature_ts. Fix
what appears to be an off-by-one error.
Bug: 14297
Change-Id: I9ca1762a8418e47153f270a1a62b2d0d3a800130
Reviewed-on: https://code.wireshark.org/review/25229
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap/vwr.c')
-rw-r--r-- | wiretap/vwr.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/wiretap/vwr.c b/wiretap/vwr.c index b8be2f25d2..c6242e4f6d 100644 --- a/wiretap/vwr.c +++ b/wiretap/vwr.c @@ -808,7 +808,7 @@ static gboolean vwr_read_rec_data_ethernet(vwr_t *, struct wtap_pkthdr *, int, int *, gchar **); static int find_signature(const guint8 *, int, int, register guint32, register guint8); -static guint64 get_signature_ts(const guint8 *, int); +static guint64 get_signature_ts(const guint8 *, int, int); static float get_legacy_rate(guint8); static float get_ht_rate(guint8, guint16); static float get_vht_rate(guint8, guint16, guint8); @@ -1268,8 +1268,8 @@ static gboolean vwr_read_s1_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, /* extract the 32 LSBs of the signature timestamp field from the data block*/ pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */ sig_off = find_signature(m_ptr, rec_size - 6, pay_off, flow_id, flow_seq); - if ((m_ptr[sig_off] == 0xdd) && (sig_off + 15 <= (rec_size - v22_W_STATS_LEN))) - sig_ts = get_signature_ts(m_ptr, sig_off); + if (m_ptr[sig_off] == 0xdd) + sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - v22_W_STATS_LEN); else sig_ts = 0; @@ -1669,8 +1669,8 @@ static gboolean vwr_read_s2_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, m_ptr = &(rec[8+12]); pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */ sig_off = find_signature(m_ptr, rec_size - 20, pay_off, flow_id, flow_seq); - if ((m_ptr[sig_off] == 0xdd) && (sig_off + 15 <= (rec_size - vVW510021_W_STATS_TRAILER_LEN))) - sig_ts = get_signature_ts(m_ptr, sig_off); + if (m_ptr[sig_off] == 0xdd) + sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN); else sig_ts = 0; @@ -2168,8 +2168,8 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, m_ptr = &(rec[stats_offset+8+12]); pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */ sig_off = find_signature(m_ptr, rec_size - 20, pay_off, flow_id, flow_seq); - if ((m_ptr[sig_off] == 0xdd) && (sig_off + 15 <= (rec_size - vVW510021_W_STATS_TRAILER_LEN))) - sig_ts = get_signature_ts(m_ptr, sig_off); + if (m_ptr[sig_off] == 0xdd) + sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN); else sig_ts = 0; @@ -2692,8 +2692,8 @@ static gboolean vwr_read_rec_data_ethernet(vwr_t *vwr, struct wtap_pkthdr *phdr, } sig_off = find_signature(m_ptr, rec_size, pay_off, flow_id, flow_seq); - if ((m_ptr[sig_off] == 0xdd) && (sig_off + 15 <= msdu_length) && (f_flow != 0)) - sig_ts = get_signature_ts(m_ptr, sig_off); + if ((m_ptr[sig_off] == 0xdd) && (f_flow != 0)) + sig_ts = get_signature_ts(m_ptr, sig_off, msdu_length); else sig_ts = 0; @@ -3233,11 +3233,14 @@ int find_signature(const guint8 *m_ptr, int rec_size, int pay_off, guint32 flow_ } /* utility routine: harvest the signature time stamp from the data frame */ -guint64 get_signature_ts(const guint8 *m_ptr,int sig_off) +guint64 get_signature_ts(const guint8 *m_ptr,int sig_off, int sig_max) { int ts_offset; guint64 sig_ts; + if (sig_off + 15 >= sig_max) + return 0; + if (m_ptr[sig_off + 15] == 0xe2) ts_offset = 5; else |