forked from osmocom/wireshark
fixed various issues (two serious ones) found by "private" fuzz-testing
svn path=/trunk/; revision=14830
This commit is contained in:
parent
22fff1e1f3
commit
2ce8d2a30f
|
@ -1309,6 +1309,7 @@ decode_mobile_identity(bssgp_ie_t *ie, build_info_t *bi, int ie_start_offset) {
|
|||
case BSSGP_MOBILE_IDENTITY_TYPE_IMEISV:
|
||||
num_digits = 1 + (ie->value_length - 1) * 2;
|
||||
if (odd_even != ODD ) num_digits--;
|
||||
if (num_digits > MAX_NUM_IMSI_DIGITS) THROW(ReportedBoundsError);
|
||||
|
||||
i = 0;
|
||||
digits[i] = get_masked_guint8(data, BSSGP_MASK_LEFT_OCTET_HALF);
|
||||
|
@ -5377,7 +5378,14 @@ decode_pdu_ran_information(build_info_t *bi) {
|
|||
decode_pdu_general(ies, 7, bi);
|
||||
|
||||
while (tvb_length_remaining(bi->tvb, bi->offset) >= 4) {
|
||||
guint32 org_offset = bi->offset;
|
||||
|
||||
decode_ie(&ies[7], bi);
|
||||
|
||||
/* prevent an endless loop */
|
||||
if(org_offset == bi->offset) {
|
||||
THROW(ReportedBoundsError);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -16373,6 +16373,8 @@ dissect_dtap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
|
||||
default:
|
||||
str = gsm_a_pd_str[pd];
|
||||
/* XXX - hf_idx is still -1! this is a bug in the implementation, and I don't know how to fix it so simple return here */
|
||||
return;
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
|
@ -1121,6 +1121,8 @@ AddAttribute(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree, guint offset,
|
|||
return (offset+8);
|
||||
}
|
||||
|
||||
tvb_ensure_bytes_exist(tvb, offset, len);
|
||||
|
||||
switch( tag )
|
||||
{
|
||||
case ISNS_ATTR_TAG_DELIMITER:
|
||||
|
@ -1133,9 +1135,11 @@ AddAttribute(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree, guint offset,
|
|||
offset = dissect_isns_attr_integer(tvb, offset, tree, hf_isns_entity_protocol, tag, len, function_id);
|
||||
break;
|
||||
case ISNS_ATTR_TAG_MGMT_IP_ADDRESS:
|
||||
if(len != 16) THROW(ReportedBoundsError);
|
||||
offset = dissect_isns_attr_ip_address(tvb, offset, tree, hf_isns_mgmt_ip_addr, tag, len);
|
||||
break;
|
||||
case ISNS_ATTR_TAG_TIMESTAMP:
|
||||
if(len != 8) THROW(ReportedBoundsError);
|
||||
offset = dissect_isns_attr_integer(tvb, offset, tree, hf_isns_timestamp, tag, len, function_id);
|
||||
break;
|
||||
case ISNS_ATTR_TAG_PROTOCOL_VERSION_RANGE:
|
||||
|
@ -1157,6 +1161,7 @@ AddAttribute(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree, guint offset,
|
|||
offset = dissect_isns_attr_not_decoded_yet(tvb, offset, tree, hf_isns_not_decoded_yet, tag, len);
|
||||
break;
|
||||
case ISNS_ATTR_TAG_PORTAL_IP_ADDRESS:
|
||||
if(len != 16) THROW(ReportedBoundsError);
|
||||
offset = dissect_isns_attr_ip_address(tvb, offset, tree, hf_isns_portal_ip_addr, tag, len);
|
||||
break;
|
||||
case ISNS_ATTR_TAG_PORTAL_PORT:
|
||||
|
@ -1220,6 +1225,7 @@ AddAttribute(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree, guint offset,
|
|||
offset = dissect_isns_attr_string(tvb, offset, tree, hf_isns_pg_iscsi_name, tag, len);
|
||||
break;
|
||||
case ISNS_ATTR_TAG_PG_PORTAL_IP_ADDR:
|
||||
if(len != 16) THROW(ReportedBoundsError);
|
||||
offset = dissect_isns_attr_ip_address(tvb, offset, tree, hf_isns_pg_portal_ip_addr, tag, len);
|
||||
break;
|
||||
case ISNS_ATTR_TAG_PG_PORTAL_PORT:
|
||||
|
|
|
@ -2389,7 +2389,21 @@ proto_register_smpp(void)
|
|||
HFILL
|
||||
}
|
||||
},
|
||||
{ &hf_smpp_user_message_reference,
|
||||
{ &hf_smpp_source_subaddress,
|
||||
{ "Source Subaddress", "smpp.source_subaddress",
|
||||
FT_STRING, BASE_NONE, NULL, 0x00,
|
||||
"Source Subaddress",
|
||||
HFILL
|
||||
}
|
||||
},
|
||||
{ &hf_smpp_dest_subaddress,
|
||||
{ "Destination Subaddress", "smpp.dest_subaddress",
|
||||
FT_STRING, BASE_NONE, NULL, 0x00,
|
||||
"Destination Subaddress",
|
||||
HFILL
|
||||
}
|
||||
},
|
||||
{ &hf_smpp_user_message_reference,
|
||||
{ "Message reference", "smpp.user_message_reference",
|
||||
FT_UINT16, BASE_HEX, NULL, 0x00,
|
||||
"Reference to the message, assigned by the user.",
|
||||
|
|
Loading…
Reference in New Issue