From 668724b7eeb6541a2156063136ab986bce964450 Mon Sep 17 00:00:00 2001
From: guy
Date: Sat, 13 Dec 2003 02:17:44 +0000
Subject: Check that the length in the ESIS header is sane, i.e. >= the length of the fixed-length part of the header. Make "variable_len" a "guint8", as the above check ensures it fits, make the length arguments to dissect routines "guint8" (same type as "guchar", but it makes it clearer that it's an integral value not a text character), and get rid of the casts of "variable_len".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9261 f5534014-38df-0310-8fa8-9805f1628bb7
---
 packet-esis.c | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)
(limited to 'packet-esis.c')
diff --git a/packet-esis.c b/packet-esis.c
index 5f55c7efe5..d769940900 100644
--- a/packet-esis.c
+++ b/packet-esis.c
@@ -2,7 +2,7 @@
 * Routines for ISO/OSI End System to Intermediate System
 * Routing Exchange Protocol ISO 9542.
 *
- * $Id: packet-esis.c,v 1.29 2003/12/11 21:23:36 ulfl Exp $
+ * $Id: packet-esis.c,v 1.30 2003/12/13 02:17:44 guy Exp $
 * Ralf Schneider
 *
 * Ethereal - Network traffic analyzer
@@ -60,11 +60,11 @@ static const value_string esis_vals[] = {
 /* internal prototypes */
-static void esis_dissect_esh_pdu( guchar len, tvbuff_t *tvb,
+static void esis_dissect_esh_pdu( guint8 len, tvbuff_t *tvb,
 proto_tree *treepd);
-static void esis_dissect_ish_pdu( guchar len, tvbuff_t *tvb,
+static void esis_dissect_ish_pdu( guint8 len, tvbuff_t *tvb,
 proto_tree *tree);
-static void esis_dissect_redirect_pdu( guchar len, tvbuff_t *tvb,
+static void esis_dissect_redirect_pdu( guint8 len, tvbuff_t *tvb,
 proto_tree *tree);
 /* ################## Descriptions ###########################################*/
@@ -149,7 +149,7 @@ esis_dissect_unknown( tvbuff_t *tvb, proto_tree *tree, char *fmat, ...){
 static void
-esis_dissect_esh_pdu( guchar len, tvbuff_t *tvb, proto_tree *tree) {
+esis_dissect_esh_pdu( guint8 len, tvbuff_t *tvb, proto_tree *tree) {
 proto_tree *esis_area_tree;
 int offset = 0;
 int no_sa = 0;
@@ -183,7 +183,7 @@ esis_dissect_esh_pdu( guchar len, tvbuff_t *tvb, proto_tree *tree) {
 } /* esis_dissect_esh_pdu */ ;
 static void
-esis_dissect_ish_pdu( guchar len, tvbuff_t *tvb, proto_tree *tree) {
+esis_dissect_ish_pdu( guint8 len, tvbuff_t *tvb, proto_tree *tree) {
 int offset = 0;
 int netl = 0;
@@ -206,7 +206,7 @@ esis_dissect_ish_pdu( guchar len, tvbuff_t *tvb, proto_tree *tree) {
 };
 static void
-esis_dissect_redirect_pdu( guchar len, tvbuff_t *tvb, proto_tree *tree) {
+esis_dissect_redirect_pdu( guint8 len, tvbuff_t *tvb, proto_tree *tree) {
 int offset = 0;
 int tmpl = 0;
@@ -278,7 +278,7 @@ dissect_esis(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
 esis_hdr_t ehdr;
 proto_item *ti;
 proto_tree *esis_tree = NULL;
- int variable_len = 0;
+ guint8 variable_len;
 guint tmp_uint = 0;
 char *cksum_status;
@@ -300,6 +300,12 @@ dissect_esis(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
 return;
 }
+ if (ehdr.esis_length < ESIS_HDR_FIXED_LENGTH) {
+ esis_dissect_unknown(tvb, esis_tree,
+ "Bogus ESIS length (%u, must be >= %u)",
+ ehdr.esis_length, ESIS_HDR_FIXED_LENGTH );
+ return;
+ }
 proto_tree_add_uint( esis_tree, hf_esis_nlpi, tvb, 0, 1, ehdr.esis_nlpi );
 proto_tree_add_uint( esis_tree, hf_esis_length, tvb, 1, 1, ehdr.esis_length );
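Review bot: `guint8 variable_len;` in dissect_esis (hunk at -278) is now safe only because of the `ehdr.esis_length < ESIS_HDR_FIXED_LENGTH` check added in the following hunk, and nothing at the declaration says so. The assignment itself is outside the visible hunks; if it is the header length minus the fixed length, as the commit message implies, an unchecked short length would wrap to a value near 255, which the last hunk (at -369) now passes uncast to the three PDU routines. I would note the dependency where the variable is declared, e.g. `guint8 variable_len; /* esis_length - fixed header; esis_length is checked to be >= ESIS_HDR_FIXED_LENGTH before use */`. The `= 0` initializer was also dropped, so any path that reads the variable before that assignment would now see an indeterminate value.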
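Review bot: The guard added after the first `return;` in dissect_esis (hunk at -300) bounds `ehdr.esis_length` only from below; no visible line compares it with the number of bytes actually present in the tvbuff, so a header claiming more than was captured still yields a large `len` for the PDU routines. If that is not handled further down (the function body continues outside the hunk) or deliberately left to tvbuff bounds checking, an upper-bound test against `tvb_length(tvb)` belongs next to this one. Also, `esis_dissect_unknown` is variadic and the format uses `%u` twice, so I would pass `(guint)ehdr.esis_length, (guint)ESIS_HDR_FIXED_LENGTH` unless the macro is already known to be an unsigned int.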
@@ -369,13 +375,13 @@ dissect_esis(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
 switch (ehdr.esis_type & OSI_PDU_TYPE_MASK) {
 case ESIS_ESH_PDU:
- esis_dissect_esh_pdu( (guchar) variable_len, tvb, esis_tree);
+ esis_dissect_esh_pdu( variable_len, tvb, esis_tree);
 break;
 case ESIS_ISH_PDU:
- esis_dissect_ish_pdu( (guchar) variable_len, tvb, esis_tree);
+ esis_dissect_ish_pdu( variable_len, tvb, esis_tree);
 break;
 case ESIS_RD_PDU:
- esis_dissect_redirect_pdu( (guchar) variable_len, tvb, esis_tree);
+ esis_dissect_redirect_pdu( variable_len, tvb, esis_tree);
 break;
 default:
 esis_dissect_unknown(tvb, esis_tree,
--
cgit v1.2.3