osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

packet-mq: Fix problem in get_mq_pdu_len 

Found during fuzz test that the get_mq_pdu_len can return
a 0 length pdu. Fix to at least return tvb_reported_length_remaining

Change-Id: I6410f71724a6288fe42a4f600e72a8af787aa7eb
Reviewed-on: https://code.wireshark.org/review/25574
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This commit is contained in:
Robert Grange 2018-02-03 12:09:11 +01:00 committed by Martin Kaiser
parent ffc200ade3
commit 3aff560761
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
epan/dissectors/packet-mq.c
View File

@ -3728,17 +3728,16 @@ static int reassemble_mq(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, vo
static guint get_mq_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
int offset, void *data _U_)
{
if (tvb_reported_length_remaining(tvb, offset) >= 8)
guint uLen = tvb_reported_length_remaining(tvb, offset);
if (uLen >= 8)
{
guint32 mq_strucID = tvb_get_ntohl(tvb, offset + 0);
if ((mq_strucID & MQ_MASK_TSHx) == MQ_STRUCTID_TSHx || (mq_strucID & MQ_MASK_TSHx) == MQ_STRUCTID_TSHx_EBCDIC)
{
return tvb_get_ntohl(tvb, offset + 4);
uLen = tvb_get_ntohl(tvb, offset + 4);
}
else
return tvb_reported_length_remaining(tvb, offset);
}
return 0;
return uLen;
}
static int dissect_mq_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)