From 2789f4512f60d017cf4177fa33a7da77eab681cf Mon Sep 17 00:00:00 2001
From: Guy Harris
Date: Sat, 25 May 2002 12:44:06 +0000
Subject: If, when trying to get the length of an NCP-over-TCP PDU, we don't see the right magic number at the beginning of the chunk of data, return the amount of data remaining as the length, rather than trusting the random word that follows to be a length usable for desegmentation.
svn path=/trunk/; revision=5564
---
 packet-ncp.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'packet-ncp.c')
diff --git a/packet-ncp.c b/packet-ncp.c
index 526b28a722..2283d02393 100644
--- a/packet-ncp.c
+++ b/packet-ncp.c
@@ -3,7 +3,7 @@
 * Gilbert Ramirez
 * Modified to allow NCP over TCP/IP decodes by James Coe
 *
- * $Id: packet-ncp.c,v 1.63 2002/05/25 01:05:56 guy Exp $
+ * $Id: packet-ncp.c,v 1.64 2002/05/25 12:44:06 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs
@@ -469,6 +469,18 @@ dissect_ncp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 static guint
 get_ncp_pdu_len(tvbuff_t *tvb, int offset)
 {
+ guint32 signature;
+
+ /*
+ * Check the NCP-over-TCP header signature, to make sure it's there.
+ * If it's not there, we cannot trust the next 4 bytes to be a
+ * packet length+"has signature" flag, so we just say the length is
+ * "what remains in the packet".
+ */
+ signature = tvb_get_ntohl(tvb, offset);
+ if (signature != NCPIP_RQST && signature != NCPIP_RPLY)
+ return tvb_length_remaining(tvb, offset);
+
 /*
 * Get the length of the NCP-over-TCP packet. Strip off the "has
 * signature" flag.
-- 
cgit v1.2.3
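Review bot: The new `tvb_get_ntohl(tvb, offset)` in get_ncp_pdu_len reads four bytes of capture data, and the length word after it needs four more, but nothing in the hunk states that the caller has already made sure those eight bytes are present. The desegmentation caller presumably passes a fixed header length that covers them; since that is not visible here, I would record the precondition above the read, e.g. `/* Caller guarantees at least 8 bytes at offset: signature, then length+flag word. */`. The comment could also say that a signature mismatch turns the whole remainder of the segment into one PDU, so a stream that has lost sync is not re-synchronised within this segment, and any reporting of the bad signature is left to the PDU dissector, which this hunk does not show. The body of get_ncp_pdu_len continues past the end of the hunk.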