-rw-r--r--epan/dissectors/packet-btl2cap.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/epan/dissectors/packet-btl2cap.c b/epan/dissectors/packet-btl2cap.c
index 6e66aa28e5..6863e58ad9 100644
--- a/epan/dissectors/packet-btl2cap.c
+++ b/epan/dissectors/packet-btl2cap.c
@@ -36,6 +36,7 @@
#include <epan/packet.h>
#include <etypes.h>
#include <epan/emem.h>
+#include <epan/expert.h>
#include "packet-bthci_acl.h"
#include "packet-btl2cap.h"
@@ -875,10 +876,19 @@ static void dissect_i_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
/*Segmented frames with SAR = start have an extra SDU length header field*/
if(segment == 0x01) {
+ proto_item *pi;;
sdulen = tvb_get_letohs(tvb, offset);
- proto_tree_add_item(btl2cap_tree, hf_btl2cap_sdulength, tvb, offset, 2, TRUE);
+ pi = proto_tree_add_item(btl2cap_tree, hf_btl2cap_sdulength, tvb, offset, 2, TRUE);
offset += 2;
length -= 6; /*Control, SDUlength, FCS*/
+
+ /* Detect malformed data */
+ if (sdulen < length) {
+ sdulen = length;
+ expert_add_info_format(pinfo, pi, PI_MALFORMED, PI_WARN,
+ "SDU length less than length of first packet");
+ }
+
if(!pinfo->fd->flags.visited){
mfp=se_alloc(sizeof(sdu_reassembly_t));
mfp->first_frame=pinfo->fd->num;
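Review bot: The new `sdulen < length` check runs after `length -= 6`, and nothing in the hunk confirms the frame really holds those 6 bytes. If `length` is an unsigned type (its declaration is outside the hunk), a truncated start frame wraps it, and the clamp then copies the wrapped value into `sdulen`, which the reassembly code below presumably uses to size its buffer. A guard placed before the subtraction would avoid that, e.g. `if (length < 6) { expert_add_info_format(pinfo, pi, PI_MALFORMED, PI_ERROR, "Frame too short for SDU length field"); return; }`. The clamp also covers only the start segment, and the rest of dissect_i_frame lies outside the hunk, so it is worth confirming that continuation and end segments are bounded against `sdulen` before they are copied. Separately, `proto_item *pi;;` carries a stray second semicolon.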