WAP: check that tvb_get_guintvar does not overflow

Bug: 12661
Change-Id: I2ef857d6be6595fd89f3dbb8d41c1c70d550ad93
Reviewed-on: https://code.wireshark.org/review/16665
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pascal Quantin 2016-07-25 17:08:26 +02:00 committed by Anders Broman
parent 56706427f5
commit 2193bea321
5 changed files with 139 additions and 117 deletions


@ -35,6 +35,7 @@
#include <epan/packet.h>
#include <epan/expert.h>
#include <epan/to_str.h>
#include <epan/strutil.h>
#include "packet-wap.h"
@ -248,6 +249,8 @@ static int hf_mmse_header_bytes = -1;
static gint ett_mmse = -1;
static gint ett_mmse_hdr_details = -1;
static expert_field ei_mmse_oversized_uintvar = EI_INIT;
/*
* Valuestrings for PDU types
*/
@ -480,11 +483,12 @@ get_text_string(tvbuff_t *tvb, guint offset, const char **strval)
* \param offset Offset within that buffer
* \param byte_count Returns the length in bytes of
* the "Value-length" field.
* \param pinfo packet_info structure
*
* \return The actual value of "Value-length"
*/
static guint
get_value_length(tvbuff_t *tvb, guint offset, guint *byte_count)
get_value_length(tvbuff_t *tvb, guint offset, guint *byte_count, packet_info *pinfo)
{
guint field;
@ -492,7 +496,7 @@ get_value_length(tvbuff_t *tvb, guint offset, guint *byte_count)
if (field < 31)
*byte_count = 1;
else { /* Must be 31 so, Uintvar follows */
field = tvb_get_guintvar(tvb, offset, byte_count);
field = tvb_get_guintvar(tvb, offset, byte_count, pinfo, &ei_mmse_oversized_uintvar);
(*byte_count)++;
}
return field;
@ -511,7 +515,7 @@ get_value_length(tvbuff_t *tvb, guint offset, guint *byte_count)
* \return The length in bytes of the entire field
*/
static guint
get_encoded_strval(tvbuff_t *tvb, guint offset, const char **strval)
get_encoded_strval(tvbuff_t *tvb, guint offset, const char **strval, packet_info *pinfo)
{
guint field;
guint length;
@ -520,7 +524,7 @@ get_encoded_strval(tvbuff_t *tvb, guint offset, const char **strval)
field = tvb_get_guint8(tvb, offset);
if (field < 32) {
length = get_value_length(tvb, offset, &count);
length = get_value_length(tvb, offset, &count, pinfo);
if (length < 2) {
*strval = "";
} else {
@ -774,7 +778,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
}
break;
case MM_BCC_HDR: /* Encoded-string-value */
length = get_encoded_strval(tvb, offset, &strval);
length = get_encoded_strval(tvb, offset, &strval, pinfo);
if (tree) {
proto_tree_add_string(mmse_tree, hf_mmse_bcc, tvb,
offset - 1, length + 1, strval);
@ -782,7 +786,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
offset += length;
break;
case MM_CC_HDR: /* Encoded-string-value */
length = get_encoded_strval(tvb, offset, &strval);
length = get_encoded_strval(tvb, offset, &strval, pinfo);
if (tree) {
proto_tree_add_string(mmse_tree, hf_mmse_cc, tvb,
offset - 1, length + 1, strval);
@ -796,7 +800,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
if (length == 0x1F) {
guint length_len = 0;
length = tvb_get_guintvar(tvb, offset + 1,
&length_len);
&length_len, pinfo, &ei_mmse_oversized_uintvar);
length += 1 + length_len;
} else {
length += 1;
@ -841,7 +845,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
* Value-length(Absolute-token Date-value|
* Relative-token Delta-seconds-value)
*/
length = get_value_length(tvb, offset, &count);
length = get_value_length(tvb, offset, &count, pinfo);
field = tvb_get_guint8(tvb, offset + count);
if (tree) {
guint tval;
@ -870,7 +874,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
* Value-length(Absolute-token Date-value|
* Relative-token Delta-seconds-value)
*/
length = get_value_length(tvb, offset, &count);
length = get_value_length(tvb, offset, &count, pinfo);
field = tvb_get_guint8(tvb, offset + count);
if (tree) {
guint tval;
@ -897,7 +901,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
* Value-length(Address-present-token Encoded-string-value
* |Insert-address-token)
*/
length = get_value_length(tvb, offset, &count);
length = get_value_length(tvb, offset, &count, pinfo);
if (tree) {
field = tvb_get_guint8(tvb, offset + count);
if (field == 0x81) {
@ -906,7 +910,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
"<insert address>");
} else {
(void) get_encoded_strval(tvb, offset + count + 1,
&strval);
&strval, pinfo);
proto_tree_add_string(mmse_tree, hf_mmse_from, tvb,
offset-1, length + count + 1, strval);
}
@ -992,7 +996,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
if (length == 0x1F) {
guint length_len = 0;
length = tvb_get_guintvar(tvb, offset + 1,
&length_len);
&length_len, pinfo, &ei_mmse_oversized_uintvar);
length += 1 + length_len;
} else {
length += 1;
@ -1004,7 +1008,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
"<Undecoded value for m-mbox-delete-conf>");
}
} else {
length = get_encoded_strval(tvb, offset, &strval);
length = get_encoded_strval(tvb, offset, &strval, pinfo);
if (tree) {
proto_tree_add_string(mmse_tree,
hf_mmse_response_text, tvb, offset - 1,
@ -1028,7 +1032,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
}
break;
case MM_SUBJECT_HDR: /* Encoded-string-value */
length = get_encoded_strval(tvb, offset, &strval);
length = get_encoded_strval(tvb, offset, &strval, pinfo);
if (tree) {
proto_tree_add_string(mmse_tree, hf_mmse_subject, tvb,
offset - 1, length + 1, strval);
@ -1036,7 +1040,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
offset += length;
break;
case MM_TO_HDR: /* Encoded-string-value */
length = get_encoded_strval(tvb, offset, &strval);
length = get_encoded_strval(tvb, offset, &strval, pinfo);
if (tree) {
proto_tree_add_string(mmse_tree, hf_mmse_to, tvb,
offset - 1, length + 1, strval);
@ -1061,7 +1065,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
if (length == 0x1F) {
guint length_len = 0;
length = tvb_get_guintvar(tvb, offset + 1,
&length_len);
&length_len, pinfo, &ei_mmse_oversized_uintvar);
length += 1 + length_len;
} else {
length += 1;
@ -1074,7 +1078,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
}
} else {
/* Encoded-string-value */
length = get_encoded_strval(tvb, offset, &strval);
length = get_encoded_strval(tvb, offset, &strval, pinfo);
if (tree) {
proto_tree_add_string(mmse_tree,
hf_mmse_retrieve_text, tvb, offset - 1,
@ -1102,7 +1106,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
* Value-length(Absolute-token Date-value|
* Relative-token Delta-seconds-value)
*/
length = get_value_length(tvb, offset, &count);
length = get_value_length(tvb, offset, &count, pinfo);
field = tvb_get_guint8(tvb, offset + count);
if (tree) {
guint tval;
@ -1144,7 +1148,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
break;
case MM_PREV_SENT_BY_HDR:
/* Value-length Integer-value Encoded-string-value */
length = get_value_length(tvb, offset, &count);
length = get_value_length(tvb, offset, &count, pinfo);
if (tree) {
guint32 fwd_count, count1, count2;
proto_tree *subtree = NULL;
@ -1154,7 +1158,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
&count1);
/* 2. Encoded-string-value */
count2 = get_encoded_strval(tvb,
offset + count + count1, &strval);
offset + count + count1, &strval, pinfo);
/* Now render the fields */
tii = proto_tree_add_string_format(mmse_tree,
hf_mmse_prev_sent_by,
@ -1175,7 +1179,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
break;
case MM_PREV_SENT_DATE_HDR:
/* Value-Length Forwarded-count-value Date-value */
length = get_value_length(tvb, offset, &count);
length = get_value_length(tvb, offset, &count, pinfo);
if (tree) {
guint32 fwd_count, count1, count2;
guint tval;
@ -1242,7 +1246,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
if (peek == 0x1F) { /* Value length in guintvar */
guint length_len = 0;
length = 1 + tvb_get_guintvar(tvb, offset + 1,
&length_len);
&length_len, pinfo, &ei_mmse_oversized_uintvar);
length += length_len;
} else { /* Value length in octet */
length = 1 + tvb_get_guint8(tvb, offset);
@ -1647,13 +1651,22 @@ proto_register_mmse(void)
&ett_mmse_hdr_details,
};
/* Register the protocol name and description */
static ei_register_info ei[] = {
{ &ei_mmse_oversized_uintvar, { "mmse.oversized_uintvar", PI_MALFORMED, PI_ERROR, "Uintvar is oversized", EXPFILL }}
};
expert_module_t* expert_mmse;
/* Register the protocol name and description */
proto_mmse = proto_register_protocol("MMS Message Encapsulation",
"MMSE", "mmse");
/* Required function calls to register header fields and subtrees used */
proto_register_field_array(proto_mmse, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
expert_mmse = expert_register_protocol(proto_mmse);
expert_register_field_array(expert_mmse, ei, array_length(ei));
}
/* If this dissector uses sub-dissector registration add registration routine.
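Review bot: The length arithmetic that follows each `tvb_get_guintvar` call in dissect_mmse (`length += 1 + length_len;`, and `length = 1 + tvb_get_guintvar(...)` in the `peek == 0x1F` branch) is still an unchecked guint addition, so a uintvar that fits in five octets but decodes close to the guint maximum can wrap `length` without any expert info being raised. The new oversize report only covers encodings longer than five octets. I would compare the decoded value with `tvb_reported_length_remaining(tvb, offset)` before adding to it, and report the field as malformed and stop parsing the header when it is larger. How `length` is consumed afterwards lies outside these hunks, so the exact effect on `offset` needs confirming there.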


@ -38,7 +38,7 @@
* the final value. Can be pre-initialised to start at offset+count.
*/
guint
tvb_get_guintvar (tvbuff_t *tvb, guint offset, guint *octetCount)
tvb_get_guintvar (tvbuff_t *tvb, guint offset, guint *octetCount, packet_info *pinfo, expert_field *ei)
{
guint value = 0;
guint octet;
@ -70,6 +70,10 @@ tvb_get_guintvar (tvbuff_t *tvb, guint offset, guint *octetCount)
#endif
}
if (counter > 5) {
proto_tree_add_expert(NULL, pinfo, ei, tvb, offset, counter);
value = 0;
}
if (octetCount != NULL)
{
*octetCount = counter;
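Review bot: The new `if (counter > 5)` guard in tvb_get_guintvar accepts every five-octet encoding, but five octets carry 35 payload bits, so where `guint` is 32 bits the accumulated `value` can still lose its top bits without the expert info firing. Consider widening the condition to `if (counter > 5 || (counter == 5 && (tvb_get_guint8(tvb, offset) & 0x70))) {`. The decoding loop sits above this hunk, so it is not visible whether it stops reading once the limit is passed; if it does not, `counter` and therefore `*octetCount` keep growing with the input. The doc comment above the function should also gain `pinfo` and `ei` entries and state that 0 is returned for an oversized uintvar, since callers cannot tell that apart from an encoded zero.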


@ -30,6 +30,7 @@
#include <glib.h>
#include <epan/packet.h>
#include <epan/expert.h>
/* Port Numbers as per IANA */
/* < URL:http://www.iana.org/assignments/port-numbers/ > */
@ -69,7 +70,7 @@
*/
/* Utility function for reading Uintvar encoded values */
guint tvb_get_guintvar (tvbuff_t *, guint , guint *);
guint tvb_get_guintvar (tvbuff_t *, guint , guint *, packet_info *, expert_field *);
/*
* Misc TODO:
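Review bot: The updated prototype still leaves all five parameters unnamed, which makes the order of the two new pointer arguments easy to get wrong at the many call sites this commit touches. I would name them to match the definition, `guint tvb_get_guintvar (tvbuff_t *tvb, guint offset, guint *octetCount, packet_info *pinfo, expert_field *ei);`. The one-line comment above it could also say that a uintvar longer than five octets is reported through `ei` and decoded as 0.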


@ -177,6 +177,7 @@ static gint ett_wbxml_string_table_item = -1;
static expert_field ei_wbxml_data_not_shown = EI_INIT;
static expert_field ei_wbxml_content_type_not_supported = EI_INIT;
static expert_field ei_wbxml_content_type_disabled = EI_INIT;
static expert_field ei_wbxml_oversized_uintvar = EI_INIT;
/* WBXML Preferences */
static gboolean skip_wbxml_token_mapping = FALSE;
@ -266,14 +267,14 @@ typedef char * (* ext_t_func_ptr)(tvbuff_t *, guint32, guint32);
* char * opaque_literal_function(tvbuff_t *tvb, guint32 offset,
* const char *token, guint8 codepage, guint32 *length);
*/
typedef char * (* opaque_token_func_ptr)(tvbuff_t *, guint32, guint8, guint8, guint32 *);
typedef char * (* opaque_literal_func_ptr)(tvbuff_t *, guint32, const char *, guint8, guint32 *);
typedef char * (* opaque_token_func_ptr)(tvbuff_t *, guint32, guint8, guint8, guint32 *, packet_info *);
typedef char * (* opaque_literal_func_ptr)(tvbuff_t *, guint32, const char *, guint8, guint32 *, packet_info *);
static char *
default_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
guint8 token _U_, guint8 codepage _U_, guint32 *length)
guint8 token _U_, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = wmem_strdup_printf(wmem_packet_scope(), "(%u bytes of opaque data)", data_len);
*length += data_len;
return str;
@ -281,9 +282,9 @@ default_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
static char *
default_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
const char *token _U_, guint8 codepage _U_, guint32 *length)
const char *token _U_, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = wmem_strdup_printf(wmem_packet_scope(), "(%u bytes of opaque data)", data_len);
*length += data_len;
return str;
@ -291,9 +292,9 @@ default_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
static char *
default_opaque_binary_attr(tvbuff_t *tvb, guint32 offset,
guint8 token _U_, guint8 codepage _U_, guint32 *length)
guint8 token _U_, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = wmem_strdup_printf(wmem_packet_scope(), "(%u bytes of opaque data)", data_len);
*length += data_len;
return str;
@ -301,9 +302,9 @@ default_opaque_binary_attr(tvbuff_t *tvb, guint32 offset,
static char *
default_opaque_literal_attr(tvbuff_t *tvb, guint32 offset,
const char *token _U_, guint8 codepage _U_, guint32 *length)
const char *token _U_, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = wmem_strdup_printf(wmem_packet_scope(), "(%u bytes of opaque data)", data_len);
*length += data_len;
return str;
@ -444,9 +445,9 @@ wv_integer_from_opaque(tvbuff_t *tvb, guint32 offset, guint32 data_len)
static char *
wv_csp10_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
guint8 token, guint8 codepage, guint32 *length)
guint8 token, guint8 codepage, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
switch (codepage) {
@ -507,9 +508,9 @@ wv_csp10_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
static char *
wv_csp10_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
const char *token, guint8 codepage _U_, guint32 *length)
const char *token, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
if ( token && ( (strcmp(token, "Code") == 0)
@ -542,9 +543,9 @@ wv_csp10_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
static char *
wv_csp11_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
guint8 token, guint8 codepage, guint32 *length)
guint8 token, guint8 codepage, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
switch (codepage) {
@ -614,9 +615,9 @@ wv_csp11_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
static char *
wv_csp11_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
const char *token, guint8 codepage _U_, guint32 *length)
const char *token, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
if ( token && ( (strcmp(token, "Code") == 0)
@ -651,9 +652,9 @@ wv_csp11_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
static char *
wv_csp12_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
guint8 token, guint8 codepage, guint32 *length)
guint8 token, guint8 codepage, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
switch (codepage) {
@ -734,9 +735,9 @@ wv_csp12_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
static char *
wv_csp12_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
const char *token, guint8 codepage _U_, guint32 *length)
const char *token, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
if ( token && ( (strcmp(token, "Code") == 0)
@ -772,9 +773,9 @@ wv_csp12_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
static char *
wv_csp13_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
guint8 token, guint8 codepage, guint32 *length)
guint8 token, guint8 codepage, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
switch (codepage)
@ -911,9 +912,9 @@ wv_csp13_opaque_binary_tag(tvbuff_t *tvb, guint32 offset,
static char *
wv_csp13_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
const char *token, guint8 codepage _U_, guint32 *length)
const char *token, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
if ( token && ( (strcmp(token, "Code") == 0)
@ -969,9 +970,9 @@ wv_csp13_opaque_literal_tag(tvbuff_t *tvb, guint32 offset,
static char *
sic10_opaque_literal_attr(tvbuff_t *tvb, guint32 offset,
const char *token, guint8 codepage _U_, guint32 *length)
const char *token, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
if ( token && ( (strcmp(token, "created") == 0)
@ -989,9 +990,9 @@ sic10_opaque_literal_attr(tvbuff_t *tvb, guint32 offset,
static char *
sic10_opaque_binary_attr(tvbuff_t *tvb, guint32 offset,
guint8 token, guint8 codepage, guint32 *length)
guint8 token, guint8 codepage, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
switch (codepage) {
@ -1019,9 +1020,9 @@ sic10_opaque_binary_attr(tvbuff_t *tvb, guint32 offset,
static char *
emnc10_opaque_literal_attr(tvbuff_t *tvb, guint32 offset,
const char *token, guint8 codepage _U_, guint32 *length)
const char *token, guint8 codepage _U_, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
if ( token && (strcmp(token, "timestamp") == 0) )
@ -1038,9 +1039,9 @@ emnc10_opaque_literal_attr(tvbuff_t *tvb, guint32 offset,
static char *
emnc10_opaque_binary_attr(tvbuff_t *tvb, guint32 offset,
guint8 token, guint8 codepage, guint32 *length)
guint8 token, guint8 codepage, guint32 *length, packet_info *pinfo)
{
guint32 data_len = tvb_get_guintvar(tvb, offset, length);
guint32 data_len = tvb_get_guintvar(tvb, offset, length, pinfo, &ei_wbxml_oversized_uintvar);
char *str = NULL;
switch (codepage) {
@ -7050,7 +7051,7 @@ static const char * Indent (guint8 level) {
* NOTE: See above for known token mappings.
*/
static guint32
parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo,
guint32 offset, guint32 str_tbl, guint8 level, guint8 *codepage_attr,
const wbxml_decoding *map)
{
@ -7091,7 +7092,7 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
level, off - offset));
return (off - offset);
case 0x02: /* ENTITY */
ent = tvb_get_guintvar (tvb, off+1, &len);
ent = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
proto_tree_add_uint_format(tree, hf_wbxml_entity, tvb, off, 1+len, ent,
" %3d | Attr | A %3d | ENTITY | %s'&#%u;'",
level, *codepage_attr, Indent (level), ent);
@ -7109,7 +7110,7 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
/* ALWAYS means the start of a new attribute,
* and may only contain the NAME of the attribute.
*/
idx = tvb_get_guintvar (tvb, off+1, &len);
idx = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
str_len = tvb_strsize (tvb, str_tbl+idx);
attr_save_known = 0;
attr_save_literal = tvb_format_text (tvb,
@ -7137,7 +7138,7 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
case 0x81: /* EXT_T_1 */
case 0x82: /* EXT_T_2 */
/* Extension tokens */
idx = tvb_get_guintvar (tvb, off+1, &len);
idx = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
{
char *s;
if (map != NULL) {
@ -7158,7 +7159,7 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
off += 1+len;
break;
case 0x83: /* STR_T */
idx = tvb_get_guintvar (tvb, off+1, &len);
idx = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
str_len = tvb_strsize (tvb, str_tbl+idx);
str = tvb_format_text (tvb, str_tbl+idx, str_len-1);
proto_tree_add_string_format(tree, hf_wbxml_str_t, tvb, off, 1+len, str,
@ -7184,18 +7185,18 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
if (attr_save_known) { /* Knwon attribute */
if (map->opaque_binary_attr) {
tmp_str = map->opaque_binary_attr(tvb, off + 1,
attr_save_known, *codepage_attr, &len);
attr_save_known, *codepage_attr, &len, pinfo);
} else {
tmp_str = default_opaque_binary_attr(tvb, off + 1,
attr_save_known, *codepage_attr, &len);
attr_save_known, *codepage_attr, &len, pinfo);
}
} else { /* lITERAL attribute */
if (map->opaque_literal_tag) {
tmp_str = map->opaque_literal_attr(tvb, off + 1,
attr_save_literal, *codepage_attr, &len);
attr_save_literal, *codepage_attr, &len, pinfo);
} else {
tmp_str = default_opaque_literal_attr(tvb, off + 1,
attr_save_literal, *codepage_attr, &len);
attr_save_literal, *codepage_attr, &len, pinfo);
}
}
proto_tree_add_bytes_format(tree, hf_wbxml_opaque_data, tvb, off, 1 + len, NULL,
@ -7203,7 +7204,7 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
level, *codepage_attr, Indent (level), tmp_str);
off += 1 + len;
} else {
idx = tvb_get_guintvar (tvb, off+1, &len);
idx = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
proto_tree_add_bytes_format(tree, hf_wbxml_opaque_data, tvb, off, 1 + len + idx, NULL,
" %3d | Attr | A %3d | OPAQUE (Opaque data) | %s(%u bytes of opaque data)",
level, *codepage_attr, Indent (level), idx);
@ -7285,7 +7286,7 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
* the used code page.
*/
static guint32
parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
guint32 str_tbl, guint8 *level, guint8 *codepage_stag, guint8 *codepage_attr,
const wbxml_decoding *map)
{
@ -7339,7 +7340,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
DebugLog(("STAG: level = %u, Return: len = %u\n", *level, off - offset));
return (off - offset);
case 0x02: /* ENTITY */
ent = tvb_get_guintvar (tvb, off+1, &len);
ent = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
proto_tree_add_uint_format(tree, hf_wbxml_entity, tvb, off, 1+len, ent,
" %3d | Tag | T %3d | ENTITY | %s'&#%u;'",
*level, *codepage_stag, Indent (*level), ent);
@ -7372,7 +7373,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
proto_tree_add_none_format(tree, hf_wbxml_pi_xml, tvb, off, 1,
" %3d | Tag | T %3d | PI (XML Processing Instruction) | %s<?xml",
*level, *codepage_stag, Indent (*level));
len = parse_wbxml_attribute_list_defined (tree, tvb, off,
len = parse_wbxml_attribute_list_defined (tree, tvb, pinfo, off,
str_tbl, *level, codepage_attr, map);
/* Check that there is still room in packet */
off += len;
@ -7391,7 +7392,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
case 0x81: /* EXT_T_1 */
case 0x82: /* EXT_T_2 */
/* Extension tokens */
idx = tvb_get_guintvar (tvb, off+1, &len);
idx = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
{
char *s;
if (map)
@ -7413,7 +7414,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
off += 1+len;
break;
case 0x83: /* STR_T */
idx = tvb_get_guintvar (tvb, off+1, &len);
idx = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
str_len = tvb_strsize (tvb, str_tbl+idx);
str = tvb_format_text (tvb, str_tbl+idx, str_len-1);
proto_tree_add_string_format(tree, hf_wbxml_str_t, tvb, off, 1+len, str,
@ -7439,18 +7440,18 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
if (tag_save_known) { /* Knwon tag */
if (map->opaque_binary_tag) {
tmp_str = map->opaque_binary_tag(tvb, off + 1,
tag_save_known, *codepage_stag, &len);
tag_save_known, *codepage_stag, &len, pinfo);
} else {
tmp_str = default_opaque_binary_tag(tvb, off + 1,
tag_save_known, *codepage_stag, &len);
tag_save_known, *codepage_stag, &len, pinfo);
}
} else { /* lITERAL tag */
if (map->opaque_literal_tag) {
tmp_str = map->opaque_literal_tag(tvb, off + 1,
tag_save_literal, *codepage_stag, &len);
tag_save_literal, *codepage_stag, &len, pinfo);
} else {
tmp_str = default_opaque_literal_tag(tvb, off + 1,
tag_save_literal, *codepage_stag, &len);
tag_save_literal, *codepage_stag, &len, pinfo);
}
}
proto_tree_add_bytes_format(tree, hf_wbxml_opaque_data, tvb, off, 1 + len, NULL,
@ -7458,7 +7459,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
*level, *codepage_stag, Indent (*level), tmp_str);
off += 1 + len;
} else {
idx = tvb_get_guintvar (tvb, off+1, &len);
idx = tvb_get_guintvar (tvb, off+1, &len, pinfo, &ei_wbxml_oversized_uintvar);
proto_tree_add_bytes_format(tree, hf_wbxml_opaque_data, tvb, off, 1 + len + idx, NULL,
" %3d | Tag | T %3d | OPAQUE (Opaque data) | %s(%u bytes of opaque data)",
*level, *codepage_stag, Indent (*level), idx);
@ -7494,7 +7495,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
tag_len = 0;
if ((peek & 0x3F) == 4) { /* LITERAL */
DebugLog(("STAG: LITERAL tag (peek = 0x%02X, off = %u) - TableRef follows!\n", peek, off));
idx = tvb_get_guintvar (tvb, off+1, &tag_len);
idx = tvb_get_guintvar (tvb, off+1, &tag_len, pinfo, &ei_wbxml_oversized_uintvar);
str_len = tvb_strsize (tvb, str_tbl+idx);
tag_new_literal = (const gchar*)tvb_get_ptr (tvb, str_tbl+idx, str_len);
tag_new_known = 0; /* invalidate known tag_new */
@ -7522,7 +7523,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
/* Do not process the attribute list:
* recursion will take care of it */
(*level)++;
len = parse_wbxml_tag_defined (tree, tvb, off, str_tbl,
len = parse_wbxml_tag_defined (tree, tvb, pinfo, off, str_tbl,
level, codepage_stag, codepage_attr, map);
off += len;
} else { /* Now we will have content to parse */
@ -7550,7 +7551,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
*level, *codepage_stag, Indent (*level), tag_new_literal);
off += 1 + tag_len;
}
len = parse_wbxml_attribute_list_defined (tree, tvb,
len = parse_wbxml_attribute_list_defined (tree, tvb, pinfo,
off, str_tbl, *level, codepage_attr, map);
/* Check that there is still room in packet */
off += len;
@ -7599,7 +7600,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
Indent (*level), tag_new_literal);
/* Tag string already looked up earlier! */
off++;
len = parse_wbxml_attribute_list_defined (tree, tvb,
len = parse_wbxml_attribute_list_defined (tree, tvb, pinfo,
off, str_tbl, *level, codepage_attr, map);
/* Check that there is still room in packet */
off += len;
@ -7618,7 +7619,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
" %3d | Tag | T %3d | LITERAL_A (Literal Tag) (A.) | %s<%s",
*level, *codepage_stag, Indent (*level), tag_new_literal);
off += 1 + tag_len;
len = parse_wbxml_attribute_list_defined (tree, tvb,
len = parse_wbxml_attribute_list_defined (tree, tvb, pinfo,
off, str_tbl, *level, codepage_attr, map);
/* Check that there is still room in packet */
off += len;
@ -7721,10 +7722,10 @@ dissect_wbxml_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
*/
/* Public ID */
publicid = tvb_get_guintvar(tvb, 1, &publicid_len);
publicid = tvb_get_guintvar(tvb, 1, &publicid_len, pinfo, &ei_wbxml_oversized_uintvar);
if (! publicid) {
/* Public identifier in string table */
publicid_index = tvb_get_guintvar (tvb, 1+publicid_len, &len);
publicid_index = tvb_get_guintvar (tvb, 1+publicid_len, &len, pinfo, &ei_wbxml_oversized_uintvar);
publicid_len += len;
}
offset = 1 + publicid_len;
@ -7739,7 +7740,7 @@ dissect_wbxml_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
case 0x02: /* WBXML/1.2 */
case 0x03: /* WBXML/1.3 */
/* Get charset */
charset = tvb_get_guintvar (tvb, offset, &charset_len);
charset = tvb_get_guintvar (tvb, offset, &charset_len, pinfo, &ei_wbxml_oversized_uintvar);
offset += charset_len;
break;
@ -7749,7 +7750,7 @@ dissect_wbxml_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
}
/* String table: read string table length in bytes */
tvb_get_guintvar (tvb, offset, &str_tbl_len_len);
tvb_get_guintvar (tvb, offset, &str_tbl_len_len, pinfo, &ei_wbxml_oversized_uintvar);
str_tbl = offset + str_tbl_len_len; /* Start of 1st string in string table */
/* Compose the summary line */
@ -7797,7 +7798,7 @@ dissect_wbxml_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
offset += charset_len;
}
str_tbl_len = tvb_get_guintvar (tvb, offset, &len);
str_tbl_len = tvb_get_guintvar (tvb, offset, &len, pinfo, &ei_wbxml_oversized_uintvar);
str_tbl = offset + len; /* Start of 1st string in string table */
/* String Table */
@ -7856,7 +7857,7 @@ dissect_wbxml_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
/* If content_map == NULL, WBXML only, no interpretation of the content */
len = parse_wbxml_tag_defined (tag_tree,
tvb, offset, str_tbl, &level, &codepage_stag,
tvb, pinfo, offset, str_tbl, &level, &codepage_stag,
&codepage_attr, content_map);
}
@ -8105,6 +8106,7 @@ proto_register_wbxml(void)
{ &ei_wbxml_data_not_shown, { "wbxml.data_not_shown", PI_PROTOCOL, PI_NOTE, "Data representation not shown (edit WBXML preferences to show)", EXPFILL }},
{ &ei_wbxml_content_type_not_supported, { "wbxml.content_type.not_supported", PI_UNDECODED, PI_WARN, "Rendering of this content type not (yet) supported", EXPFILL }},
{ &ei_wbxml_content_type_disabled, { "wbxml.content_type.disabled", PI_PROTOCOL, PI_NOTE, "Rendering of this content type has been disabled (edit WBXML preferences to enable)", EXPFILL }},
{ &ei_wbxml_oversized_uintvar, { "wbxml.oversized_uintvar", PI_MALFORMED, PI_ERROR, "Uintvar is oversized", EXPFILL }}
};
expert_module_t* expert_wbxml;
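Review bot: In parse_wbxml_attribute_list_defined the literal-attribute branch tests `map->opaque_literal_tag` but then calls `map->opaque_literal_attr(...)`, so a map that sets the tag handler and leaves the attribute handler NULL would call through a null pointer. The line this commit edits is that call, and the guard should read `if (map->opaque_literal_attr) {`. Separately, every opaque helper still does `*length += data_len;` as an unchecked guint32 sum and the callers advance with `off += 1 + len;`, so a large value that fits in five octets can wrap the step even though the oversize expert info never fires. Bounding `data_len` against `tvb_reported_length_remaining(tvb, offset)` before the addition would cover that. Both parse functions extend well beyond the hunks shown.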


@ -380,6 +380,7 @@ static expert_field ei_wsp_undecoded_parameter = EI_INIT;
static expert_field ei_hdr_x_wap_tod = EI_INIT;
static expert_field ei_wsp_trailing_quote = EI_INIT;
static expert_field ei_wsp_header_invalid = EI_INIT;
static expert_field ei_wsp_oversized_uintvar = EI_INIT;
/* Handle for WSP-over-UDP dissector */
@ -1291,7 +1292,7 @@ static void add_headers (proto_tree *tree, tvbuff_t *tvb, int hf, packet_info *p
#define is_uri_value(x) is_text_string(x)
#define get_uintvar_integer(val,tvb,start,len,ok) \
val = tvb_get_guintvar(tvb,start,&len); \
val = tvb_get_guintvar(tvb,start,&len, pinfo, &ei_wsp_oversized_uintvar); \
if (len>5) ok = FALSE; else ok = TRUE;
#define get_short_integer(val,tvb,start,len,ok) \
val = tvb_get_guint8(tvb,start); \
@ -1438,7 +1439,7 @@ parameter_value_q (proto_tree *tree, packet_info *pinfo, proto_item *ti, tvbuff_
/* END */ \
} else { /* val_start points to 1st byte of length field */ \
if (val_id == 0x1F) { /* Value Length = guintvar */ \
val_len = tvb_get_guintvar(tvb, val_start + 1, &val_len_len); \
val_len = tvb_get_guintvar(tvb, val_start + 1, &val_len_len, pinfo, &ei_wsp_oversized_uintvar); \
val_len_len++; /* 0x1F length indicator byte */ \
} else { /* Short length followed by Len data octets */ \
val_len = tvb_get_guint8(tvb, offset); \
@ -4529,7 +4530,7 @@ dissect_sir(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
tvb, 0, 1, version);
/* Length of Application-Id headers list */
val_len = tvb_get_guintvar(tvb, 1, &len);
val_len = tvb_get_guintvar(tvb, 1, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(subtree, hf_sir_app_id_list_len,
tvb, 1, len, val_len);
offset = 1 + len;
@ -4539,7 +4540,7 @@ dissect_sir(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
offset += val_len;
/* Length of WSP contact points list */
val_len = tvb_get_guintvar(tvb, offset, &len);
val_len = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(subtree, hf_sir_wsp_contact_points_len,
tvb, offset, len, val_len);
offset += len;
@ -4554,7 +4555,7 @@ dissect_sir(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
offset += val_len;
/* Length of non-WSP contact points list */
val_len = tvb_get_guintvar(tvb, offset, &len);
val_len = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(subtree, hf_sir_contact_points_len,
tvb, offset, len, val_len);
offset += len;
@ -4565,7 +4566,7 @@ dissect_sir(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
offset += val_len;
/* Number of entries in the Protocol Options list */
val_len = tvb_get_guintvar(tvb, offset, &len);
val_len = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(subtree, hf_sir_protocol_options_len,
tvb, offset, len, val_len);
offset += len;
@ -4574,14 +4575,14 @@ dissect_sir(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
val_len_save = val_len;
for (i = 0; i < val_len_save; i++) {
val_len = tvb_get_guintvar(tvb, offset, &len);
val_len = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(subtree, hf_sir_protocol_options,
tvb, offset, len, val_len);
offset += len;
}
/* Length of ProvURL */
val_len = tvb_get_guintvar(tvb, offset, &len);
val_len = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(subtree, hf_sir_prov_url_len,
tvb, offset, len, val_len);
offset += len;
@ -4591,7 +4592,7 @@ dissect_sir(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
offset += val_len;
/* Number of entries in the CPITag list */
val_len = tvb_get_guintvar(tvb, offset, &len);
val_len = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(subtree, hf_sir_cpi_tag_len,
tvb, offset, len, val_len);
offset += len;
@ -4706,7 +4707,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
offset++;
} else {
count = 0; /* Initialise count */
value = tvb_get_guintvar (tvb, offset, &count);
value = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint (wsp_tree,
hf_wsp_server_session_id,
tvb, offset, count, value);
@ -4714,7 +4715,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
offset += count;
}
count = 0; /* Initialise count */
capabilityLength = tvb_get_guintvar (tvb, offset, &count);
capabilityLength = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint (wsp_tree, hf_capabilities_length,
tvb, offset, count, capabilityLength);
offset += count;
@ -4722,7 +4723,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
if (pdut != WSP_PDU_RESUME)
{
count = 0; /* Initialise count */
headerLength = tvb_get_guintvar (tvb, offset, &count);
headerLength = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint (wsp_tree, hf_wsp_header_length,
tvb, offset, count, headerLength);
offset += count;
@ -4759,7 +4760,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
case WSP_PDU_SUSPEND:
if (tree) {
count = 0; /* Initialise count */
value = tvb_get_guintvar (tvb, offset, &count);
value = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint (wsp_tree,
hf_wsp_server_session_id,
tvb, offset, count, value);
@ -4774,7 +4775,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
case WSP_PDU_TRACE:
count = 0; /* Initialise count */
/* Length of URI and size of URILen field */
value = tvb_get_guintvar (tvb, offset, &count);
value = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
nextOffset = offset + count;
add_uri (wsp_tree, pinfo, tvb, offset, nextOffset, proto_ti);
if (tree) {
@ -4788,10 +4789,10 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
case WSP_PDU_PUT:
uriStart = offset;
count = 0; /* Initialise count */
uriLength = tvb_get_guintvar (tvb, offset, &count);
uriLength = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
headerStart = uriStart+count;
count = 0; /* Initialise count */
headersLength = tvb_get_guintvar (tvb, headerStart, &count);
headersLength = tvb_get_guintvar (tvb, headerStart, &count, pinfo, &ei_wsp_oversized_uintvar);
offset = headerStart + count;
add_uri (wsp_tree, pinfo, tvb, uriStart, offset, proto_ti);
@ -4869,7 +4870,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
case WSP_PDU_REPLY:
count = 0; /* Initialise count */
headersLength = tvb_get_guintvar (tvb, offset+1, &count);
headersLength = tvb_get_guintvar (tvb, offset+1, &count, pinfo, &ei_wsp_oversized_uintvar);
headerStart = offset + count + 1;
{
guint8 reply_status = tvb_get_guint8(tvb, offset);
@ -4960,7 +4961,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
case WSP_PDU_PUSH:
case WSP_PDU_CONFIRMEDPUSH:
count = 0; /* Initialise count */
headersLength = tvb_get_guintvar (tvb, offset, &count);
headersLength = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
headerStart = offset + count;
proto_tree_add_uint (wsp_tree, hf_wsp_header_length,
@ -5095,7 +5096,7 @@ add_uri (proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb,
guint URILenOffset, guint URIOffset, proto_item *proto_ti)
{
guint count = 0;
guint uriLen = tvb_get_guintvar (tvb, URILenOffset, &count);
guint uriLen = tvb_get_guintvar (tvb, URILenOffset, &count, pinfo, &ei_wsp_oversized_uintvar);
gchar *str;
proto_tree_add_uint (tree, hf_wsp_header_uri_len,
@ -5183,7 +5184,7 @@ add_capabilities (proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, guint8 pd
* Now Offset points to the 1st byte of a capability field.
* Get the length of the capability field
*/
capaValueLen = tvb_get_guintvar(tvb, offset, &len);
capaValueLen = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
capaLen = capaValueLen + len;
cap_subtree = proto_tree_add_subtree(wsp_capabilities, tvb, offset, capaLen, ett_capabilities_entry, &cap_item, "Capability");
@ -5244,12 +5245,12 @@ add_capabilities (proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, guint8 pd
/* Now the capability type is known */
switch (peek) {
case WSP_CAPA_CLIENT_SDU_SIZE:
value = tvb_get_guintvar(tvb, offset, &len);
value = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(cap_subtree, hf_capa_client_sdu_size,
tvb, offset, len, value);
break;
case WSP_CAPA_SERVER_SDU_SIZE:
value = tvb_get_guintvar(tvb, offset, &len);
value = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(cap_subtree, hf_capa_server_sdu_size,
tvb, offset, len, value);
break;
@ -5352,12 +5353,12 @@ add_capabilities (proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, guint8 pd
tvb, capaStart, capaLen, ENC_NA);
break;
case WSP_CAPA_CLIENT_MESSAGE_SIZE:
value = tvb_get_guintvar(tvb, offset, &len);
value = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(cap_subtree, hf_capa_client_message_size,
tvb, offset, len, value);
break;
case WSP_CAPA_SERVER_MESSAGE_SIZE:
value = tvb_get_guintvar(tvb, offset, &len);
value = tvb_get_guintvar(tvb, offset, &len, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint(cap_subtree, hf_capa_server_message_size,
tvb, offset, len, value);
break;
@ -5489,7 +5490,7 @@ add_multipart_data (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo)
heur_dtbl_entry_t *hdtbl_entry;
nEntries = tvb_get_guintvar (tvb, offset, &count);
nEntries = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
offset += count;
if (nEntries)
{
@ -5499,9 +5500,9 @@ add_multipart_data (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo)
while (nEntries--)
{
part_start = offset;
HeadersLen = tvb_get_guintvar (tvb, offset, &count);
HeadersLen = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
offset += count;
DataLen = tvb_get_guintvar (tvb, offset, &count);
DataLen = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
offset += count;
ti = proto_tree_add_uint(sub_tree, hf_wsp_mpart, tvb, part_start,
@ -7157,6 +7158,7 @@ proto_register_wsp(void)
{ &ei_wsp_undecoded_parameter, { "wsp.undecoded_parameter", PI_UNDECODED, PI_WARN, "Invalid parameter value", EXPFILL }},
{ &ei_wsp_trailing_quote, { "wsp.trailing_quote", PI_PROTOCOL, PI_WARN, "Quoted-string value has been encoded with a trailing quote", EXPFILL }},
{ &ei_wsp_header_invalid, { "wsp.header_invalid", PI_MALFORMED, PI_ERROR, "Malformed header", EXPFILL }},
{ &ei_wsp_oversized_uintvar, { "wsp.oversized_uintvar", PI_MALFORMED, PI_ERROR, "Uintvar is oversized", EXPFILL }}
};
expert_module_t* expert_wsp;
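Review bot: The call sites in this file keep using the decoded uintvar as a length without a bounds check of their own; the new expert info only reports the oversized field. In dissect_sir each `offset += val_len;` and the `for (i = 0; i < val_len_save; i++)` loop take their bound directly from the packet, and in add_capabilities `capaLen = capaValueLen + len;` can wrap if the decoded value is near the top of the guint range. What tvb_get_guintvar returns for an oversized field is not visible on this page, so these paths may already be covered by it or by tvbuff exceptions on the next read; if not, `tvb_ensure_bytes_exist(tvb, offset, val_len);` before each `offset += val_len;` would stop dissection at the first length that runs past the buffer. The enclosing functions start and end outside the hunks shown.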