ssh: fix the heuristic for MAC size determination

size_str points to a dash, so the result of calling ws_strtoi32 on it is a negative number, which becomes a huge positive number, because size is a guint32. Parse the number after the dash instead, and use ws_strtou32. Also, check that size is divisible by 8, since otherwise it's unlikely to be a bit length. Change-Id: I531f67d45e9e914574d36a9ffceed9239fd46d64 Reviewed-on: https://code.wireshark.org/review/19006 Reviewed-by: Graham Bloice <graham.bloice@trihedral.com> Petri-Dish: Graham Bloice <graham.bloice@trihedral.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-12-01 23:25:55 +03:00 · 2016-12-01 23:25:55 +03:00 · 40ebfb9a6f
parent dd98856afc
commit 40ebfb9a6f
1 changed files with 1 additions and 2 deletions
--- a/epan/dissectors/packet-ssh.c
+++ b/epan/dissectors/packet-ssh.c
@ -1015,8 +1015,7 @@ ssh_set_mac_length(struct ssh_peer_data *peer_data)
    }

    size_str = g_strrstr(mac_name, "-");
-    ws_strtoi32(size_str, NULL, &size);
-    if (size_str && size > 0) {
+    if (size_str && ws_strtou32(size_str + 1, NULL, &size) && size > 0 && size % 8 == 0) {
        peer_data->mac_length = size / 8;
    }
    else if (strcmp(mac_name, "hmac-sha1") == 0) {