osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

GQUIC: make sure our tag offset advances. 

Make sure gquic tag offset advances so that we don't infinitely loop.
This commit is contained in:
Richard Smith 2020-10-10 18:25:57 +08:00 committed by Wireshark GitLab Utility
parent f1e28064ec
commit b287e7165e
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
epan/dissectors/packet-gquic.c
View File

@ -198,6 +198,7 @@ static expert_field ei_gquic_tag_length = EI_INIT;
static expert_field ei_gquic_tag_unknown = EI_INIT;
static expert_field ei_gquic_version_invalid = EI_INIT;
static expert_field ei_gquic_invalid_parameter = EI_INIT;
static expert_field ei_gquic_length_invalid = EI_INIT;
static const value_string gquic_short_long_header_vals[] = {
{ 0, "Short Header" },
@ -1660,7 +1661,7 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, gui
"Dissector for (Google) QUIC Tag"
" %s (%s) code not implemented, Contact"
" Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
tag_offset += tag_len;
goto end;
break;
}
if(tag_offset != offset_end){
@ -1671,6 +1672,13 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, gui
tag_number--;
}
end:
if (offset + total_tag_len <= offset) {
expert_add_info_format(pinfo, gquic_tree, &ei_gquic_length_invalid,
"Invalid total tag length: %u", total_tag_len);
return offset + tvb_reported_length_remaining(tvb, offset);
}
return offset + total_tag_len;
}
@ -3173,7 +3181,8 @@ proto_register_gquic(void)
{ &ei_gquic_tag_length, { "gquic.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
{ &ei_gquic_tag_unknown, { "gquic.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
{ &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }},
{ &ei_gquic_invalid_parameter, { "gquic.invalid.parameter", PI_MALFORMED, PI_ERROR, "Invalid Parameter", EXPFILL }}
{ &ei_gquic_invalid_parameter, { "gquic.invalid.parameter", PI_MALFORMED, PI_ERROR, "Invalid Parameter", EXPFILL }},
{ &ei_gquic_length_invalid, { "gquic.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid Length", EXPFILL }}
};
expert_module_t *expert_gquic;