osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Fix the infinite recursion problem reported in 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733 :

We can't solely rely on the port in the URI to determine whether we will be
recursively called by decode_tcp_ports().  Instead also check the conversation
entry too: if we find that we are the subdissector for this conversation
(which we might be--without the port being in our list of ports--if we
heuristically picked up the conversation or the user did Decode-As),
just bail out and dissect the payload as data.

svn path=/trunk/; revision=49623
This commit is contained in:
Jeff Morriss 2013-05-29 22:43:20 +00:00
parent d98b0cc231
commit 34230e736d
1 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
epan/dissectors/packet-http.c
View File

@ -1917,10 +1917,11 @@ http_payload_subdissector(tvbuff_t *tvb, proto_tree *tree,
packet_info *pinfo, http_conv_t *conv_data)
{
guint32 *ptr = NULL;
guint32 dissect_as, saved_port;
guint32 uri_port, saved_port, srcport, destport;
gchar **strings; /* An array for splitting the request URI into hostname and port */
proto_item *item;
proto_tree *proxy_tree;
conversation_t *conv;
/* Grab the destination port number from the request URI to find the right subdissector */
strings = g_strsplit(conv_data->request_uri, ":", 2);
@ -1943,15 +1944,28 @@ http_payload_subdissector(tvbuff_t *tvb, proto_tree *tree,
PROTO_ITEM_SET_GENERATED(item);
}
/* We're going to get stuck in a loop if we let process_tcp_payload call
us, so call the data dissector instead for proxy connections to http ports. */
dissect_as = (int)strtol(strings[1], NULL, 10); /* Convert string to a base-10 integer */
uri_port = (int)strtol(strings[1], NULL, 10); /* Convert string to a base-10 integer */
if (value_is_in_range(http_tcp_range, dissect_as)) {
if (value_is_in_range(http_tcp_range, pinfo->destport)) {
srcport = pinfo->srcport;
destport = uri_port;
} else {
srcport = uri_port;
destport = pinfo->destport;
}
conv = find_conversation(PINFO_FD_NUM(pinfo), &pinfo->src, &pinfo->dst, PT_TCP, srcport, destport, 0);
/* We may get stuck in a recursion loop if we let process_tcp_payload() call us.
* So, if the port in the URI is one we're registered for or we have set up a
* conversation (e.g., one we detected heuristically or via Decode-As) call the data
* dissector directly.
*/
if (value_is_in_range(http_tcp_range, uri_port) || (conv && conv->dissector_handle == http_handle)) {
call_dissector(data_handle, tvb, pinfo, tree);
} else {
/* set pinfo->{src/dst port} and call the TCP sub-dissector lookup */
if ( !ptr && value_is_in_range(http_tcp_range, pinfo->destport) )
if (value_is_in_range(http_tcp_range, pinfo->destport))
ptr = &pinfo->destport;
else
ptr = &pinfo->srcport;
@ -1964,7 +1978,7 @@ http_payload_subdissector(tvbuff_t *tvb, proto_tree *tree,
pinfo->can_desegment++;
saved_port = *ptr;
*ptr = dissect_as;
*ptr = uri_port;
decode_tcp_ports(tvb, 0, pinfo, tree,
pinfo->srcport, pinfo->destport, NULL);
*ptr = saved_port;