From 88576ea658a5f4a59e19cbf143ed7d665db04eb2 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Mon, 23 Apr 2018 12:11:22 +0200 Subject: QUIC: fix decoding of initial_max_streams_uni/bidi These fields have always been 16-bit values, see https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-6.4.1 Noticed with picoquic-11.pcap, note that ngtcp2-10.pcap triggers the expert info due to a bug fixed in ngtcp2 2939ff618e4a. Bug: 13881 Change-Id: I867703f5399f3d9c2cfe7d0488f4be83c0a5b4a2 Reviewed-on: https://code.wireshark.org/review/27097 Petri-Dish: Peter Wu Petri-Dish: Alexis La Goutte Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte
---
 epan/dissectors/packet-ssl-utils.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'epan/dissectors/packet-ssl-utils.c')
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 56bf2aa0d5..70e81d95fb 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -6598,6 +6598,7 @@ ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tv
 while (offset < next_offset) {
 guint32 parameter_type;
 proto_tree *parameter_tree;
+ guint32 parameter_end_offset;
 parameter_tree = proto_tree_add_subtree(tree, tvb, offset, 4, hf->ett.hs_ext_quictp_parameter, NULL, "Parameter");
@@ -6615,6 +6616,7 @@ ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tv
 offset += 2;
 proto_item_append_text(parameter_tree, " (len=%u)", parameter_length);
 proto_item_set_len(parameter_tree, 4 + parameter_length);
+ parameter_end_offset = offset + parameter_length;
 proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_value, tvb, offset, parameter_length, ENC_NA);
@@ -6634,9 +6636,9 @@ ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tv
 break;
 case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI:
 proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_bidi,
- tvb, offset, 4, ENC_BIG_ENDIAN);
+ tvb, offset, 2, ENC_BIG_ENDIAN);
 proto_item_append_text(parameter_tree, " %u", tvb_get_ntohl(tvb, offset));
- offset += 4;
+ offset += 2;
 break;
 case SSL_HND_QUIC_TP_IDLE_TIMEOUT:
 proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_idle_timeout,
@@ -6667,9 +6669,9 @@ ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tv
 break;
 case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI:
 proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_uni,
- tvb, offset, 4, ENC_BIG_ENDIAN);
+ tvb, offset, 2, ENC_BIG_ENDIAN);
 proto_item_append_text(parameter_tree, " %u", tvb_get_ntohl(tvb, offset));
- offset += 4;
+ offset += 2;
 break;
 default:
 offset += parameter_length;
@@ -6677,6 +6679,10 @@ ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tv
 break;
 }
+ if (!ssl_end_vector(hf, tvb, pinfo, parameter_tree, offset, parameter_end_offset)) {
+ /* Dissection did not end at expected location, fix it. */
+ offset = parameter_end_offset;
+ }
 }
 return offset;
-- cgit v1.2.3
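Review bot: The unchanged `proto_item_append_text(parameter_tree, " %u", tvb_get_ntohl(tvb, offset));` line in the `SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI` case still reads 32 bits, although the field is now added as 2 bytes. The appended summary will therefore be built from the 16-bit field plus the two bytes that follow it, so it can disagree with the value shown for the field itself. When the parameter is the last data in the buffer, the 4-byte read also reaches past the captured bytes; the tvb accessor should raise a bounds exception rather than over-read, but dissection of the packet then stops there. The line should become `proto_item_append_text(parameter_tree, " %u", tvb_get_ntohs(tvb, offset));`. The `SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI` case in the following hunk carries the same line and needs the same change.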
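Review bot: The resync `offset = parameter_end_offset;` after the switch is only safe if `parameter_length` was already bounded by `next_offset` where it was read, and that read is outside these hunks. If the length is bounded there, a short comment at the `parameter_end_offset = offset + parameter_length;` assignment would record the invariant, for example `/* parameter_length was validated against next_offset above */`. If it is not, a wire-supplied length could leave `offset` past `next_offset`, and the function would return a position beyond the extension to its caller. The while loop and the function body both begin and end outside the hunk, so this cannot be confirmed from the visible lines.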