From 20c0fffc922e09cbb0dbd4317080d3f9ed6a9cae Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Thu, 7 Aug 2014 20:38:11 -0700
Subject: [PATCH] Wrap some tvb_get_ptr calls in crc32c_tvb_offset_calculate().

This eliminates some tvb_get_ptr calls from dissectors, as part of
trying to minimize if not eliminate its use in dissectors (it's a bit of
what's called an "attractive nuisance", in that users who don't
understand what it does - and doesn't! - do may use it in ways that are
unsafe, e.g. thinking you can use it to get a null-terminated string
from a packet).

It also eliminates the possibility of passing one length to
tvb_get_ptr() and another to crc32c_calculate().

Change-Id: I8a07168d0bc088b45d607e00c5bb1d98421ebc73
Reviewed-on: https://code.wireshark.org/review/3488
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
 epan/crc32-tvb.c                   | 11 +++++++++++
 epan/crc32-tvb.h                   | 11 +++++++++++
 epan/dissectors/packet-iscsi.c     |  9 +++++----
 epan/dissectors/packet-iwarp-mpa.c |  4 ++--
 epan/dissectors/packet-zrtp.c      |  3 ++-
 5 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/epan/crc32-tvb.c b/epan/crc32-tvb.c
index 68b4d119cb..e729ce79cf 100644
--- a/epan/crc32-tvb.c
+++ b/epan/crc32-tvb.c
@@ -78,6 +78,17 @@ crc32_ccitt_tvb_offset_seed(tvbuff_t *tvb, guint offset, guint len,
 	return ( crc32_ccitt_seed(buf, len, seed) );
 }
 
+guint32
+crc32c_tvb_offset_calculate(tvbuff_t *tvb, guint offset, guint len, guint32 seed)
+{
+	const guint8* buf;
+
+	tvb_ensure_bytes_exist(tvb, offset, len);  /* len == -1 not allowed */
+	buf = tvb_get_ptr(tvb, offset, len);
+
+	return ( crc32c_calculate(buf, len, seed) );
+}
+
 /*
  * IEEE 802.x version (Ethernet and 802.11, at least) - byte-swap
  * the result of "crc32()".
diff --git a/epan/crc32-tvb.h b/epan/crc32-tvb.h
index aff4cf1c37..e2371eb101 100644
--- a/epan/crc32-tvb.h
+++ b/epan/crc32-tvb.h
@@ -51,6 +51,17 @@ WS_DLL_PUBLIC guint32 crc32_ccitt_tvb_offset(tvbuff_t *tvb, guint offset, guint
  @return The CRC32 CCITT checksum (using the given seed). */
 WS_DLL_PUBLIC guint32 crc32_ccitt_tvb_seed(tvbuff_t *tvb, guint len, guint32 seed);
 
+/** Compute CRC32C checksum of a tv buffer.  If computing the
+ *  checksum over multiple tv buffers and you want to feed the partial CRC32
+ *  back in, remember to take the 1's complement of the partial CRC32 first.
+ @param tvb The tv buffer containing the data.
+ @param offset The offset into the tv buffer.
+ @param len The number of bytes to include in the computation.
+ @param seed The seed to use.
+ @return The CRC32C checksum (using the given seed). */
+WS_DLL_PUBLIC guint32 crc32c_tvb_offset_calculate(tvbuff_t *tvb, guint offset,
+                                           guint len, guint32 seed);
+
 /** Compute CRC32 CCITT checksum of a tv buffer.  If computing the
  *  checksum over multiple tv buffers and you want to feed the partial CRC32
  *  back in, remember to take the 1's complement of the partial CRC32 first.
diff --git a/epan/dissectors/packet-iscsi.c b/epan/dissectors/packet-iscsi.c
index 956df5d6d1..280706c7d7 100644
--- a/epan/dissectors/packet-iscsi.c
+++ b/epan/dissectors/packet-iscsi.c
@@ -44,6 +44,7 @@
 #include "packet-scsi.h"
 #include <epan/wmem/wmem.h>
 #include <epan/range.h>
+#include <epan/crc32-tvb.h>
 #include <wsutil/crc32.h>
 
 void proto_register_iscsi(void);
@@ -634,7 +635,7 @@ handleHeaderDigest(iscsi_session_t *iscsi_session, proto_item *ti, tvbuff_t *tvb
     switch(iscsi_session->header_digest){
     case ISCSI_DIGEST_CRC32:
         if(available_bytes >= (headerLen + 4)) {
-            guint32 crc = ~crc32c_calculate(tvb_get_ptr(tvb, offset, headerLen), headerLen, CRC32C_PRELOAD);
+            guint32 crc = ~crc32c_tvb_offset_calculate(tvb, offset, headerLen, CRC32C_PRELOAD);
             guint32 sent = tvb_get_ntohl(tvb, offset + headerLen);
             if(crc == sent) {
                 proto_tree_add_uint_format_value(ti, hf_iscsi_HeaderDigest32, tvb, offset + headerLen, 4, sent, "0x%08x (Good CRC32)", sent);
@@ -657,7 +658,7 @@ handleDataDigest(iscsi_session_t *iscsi_session, proto_item *ti, tvbuff_t *tvb,
         switch (iscsi_session->data_digest){
         case ISCSI_DIGEST_CRC32:
             if(available_bytes >= (dataLen + 4)) {
-                guint32 crc = ~crc32c_calculate(tvb_get_ptr(tvb, offset, dataLen), dataLen, CRC32C_PRELOAD);
+                guint32 crc = ~crc32c_tvb_offset_calculate(tvb, offset, dataLen, CRC32C_PRELOAD);
                 guint32 sent = tvb_get_ntohl(tvb, offset + dataLen);
                 if(crc == sent) {
                     proto_tree_add_uint_format_value(ti, hf_iscsi_DataDigest32, tvb, offset + dataLen, 4, sent, "0x%08x (Good CRC32)", sent);
@@ -2357,7 +2358,7 @@ dissect_iscsi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean chec
             (iscsi_session->header_digest == ISCSI_DIGEST_AUTO)) {
             guint32 crc;
             /* we have enough data to test if HeaderDigest is enabled */
-            crc= ~crc32c_calculate(tvb_get_ptr(tvb, offset, 48+ahsLen*4), 48+ahsLen*4, CRC32C_PRELOAD);
+            crc= ~crc32c_tvb_offset_calculate(tvb, offset, 48+ahsLen*4, CRC32C_PRELOAD);
             if(crc==tvb_get_ntohl(tvb,48+ahsLen*4)){
                 iscsi_session->header_digest = ISCSI_DIGEST_CRC32;
             } else {
@@ -2390,7 +2391,7 @@ dissect_iscsi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean chec
             (iscsi_session->data_digest == ISCSI_DIGEST_AUTO)) {
             guint32 crc;
             /* we have enough data to test if DataDigest is enabled */
-            crc = ~crc32c_calculate(tvb_get_ptr(tvb, data_segment_offset, data_segment_len_padded), data_segment_len_padded, CRC32C_PRELOAD);
+            crc = ~crc32c_tvb_offset_calculate(tvb, data_segment_offset, data_segment_len_padded, CRC32C_PRELOAD);
             if (crc == tvb_get_ntohl(tvb, data_segment_offset + data_segment_len_padded)) {
                 iscsi_session->data_digest = ISCSI_DIGEST_CRC32;
             } else {
diff --git a/epan/dissectors/packet-iwarp-mpa.c b/epan/dissectors/packet-iwarp-mpa.c
index f7364c84c7..a88bfdb131 100644
--- a/epan/dissectors/packet-iwarp-mpa.c
+++ b/epan/dissectors/packet-iwarp-mpa.c
@@ -32,6 +32,7 @@
 #include <epan/conversation.h>
 #include <epan/dissectors/packet-tcp.h>
 #include <epan/expert.h>
+#include <epan/crc32-tvb.h>
 #include <wsutil/crc32.h>
 
 void proto_register_mpa(void);
@@ -581,8 +582,7 @@ dissect_fpdu_crc(tvbuff_t *tvb, proto_tree *tree, mpa_state_t *state,
 
 	if (state->crc) {
 
-		crc = ~crc32c_calculate(tvb_get_ptr(tvb, 0, length), length,
-				CRC32C_PRELOAD);
+		crc = ~crc32c_tvb_offset_calculate(tvb, 0, length, CRC32C_PRELOAD);
 
 		sent_crc = tvb_get_ntohl(tvb, offset); /* crc start offset */
 
diff --git a/epan/dissectors/packet-zrtp.c b/epan/dissectors/packet-zrtp.c
index b15751375b..cfd94bf9ce 100644
--- a/epan/dissectors/packet-zrtp.c
+++ b/epan/dissectors/packet-zrtp.c
@@ -31,6 +31,7 @@
 #include <epan/packet.h>
 #include <epan/strutil.h>
 #include <epan/wmem/wmem.h>
+#include <epan/crc32-tvb.h>
 #include <wsutil/crc32.h>
 #include "packet-rtp.h"
 #include "packet-rtcp.h"
@@ -420,7 +421,7 @@ dissect_zrtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
   }
 
   sent_crc = tvb_get_ntohl(tvb, msg_offset+checksum_offset);
-  calc_crc = ~crc32c_calculate(tvb_get_ptr(tvb, 0, msg_offset+checksum_offset), msg_offset+checksum_offset, CRC32C_PRELOAD);
+  calc_crc = ~crc32c_tvb_offset_calculate(tvb, 0, msg_offset+checksum_offset, CRC32C_PRELOAD);
 
   if (sent_crc == calc_crc) {
     ti = proto_tree_add_uint_format_value(zrtp_tree, hf_zrtp_checksum, tvb, msg_offset+checksum_offset, 4, sent_crc,