forked from osmocom/wireshark
Before checking for SASL security stuff, make sure the bytes you're
going to check exist. Doing so arranges that "tvb_reported_length_remaining(tvb, offset) is >= 5 (unless the reported length is less than the data length, but that "shouldn't happen"). Instead of comparing "tvb_get_ntohl(tvb, offset) - 4" against "tvb_reported_length_remaining(tvb, offset)", which runs the risk of giving a bogus answer if "tvb_get_ntohl(tvb, offset)" is < 4, compare "tvb_get_ntohl(tvb, offset) against "tvb_reported_length_remaining(tvb, offset)-4", as the latter is guaranteed to be > 0 (and cast the latter expression to get rid of the signed/unsigned comparison warning that caused me to notice this issue in the first place). svn path=/trunk/; revision=9738
This commit is contained in:
parent
109c9f6f5e
commit
b70ed7093e
|
@ -3,7 +3,7 @@
|
|||
*
|
||||
* See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
|
||||
*
|
||||
* $Id: packet-ldap.c,v 1.72 2004/01/19 10:54:06 sahlberg Exp $
|
||||
* $Id: packet-ldap.c,v 1.73 2004/01/19 22:58:59 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -2386,7 +2386,8 @@ dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean i
|
|||
* check if it looks like it could be a SASL blob here
|
||||
* and in that case just assume it is GSS-SPNEGO
|
||||
*/
|
||||
if( ((tvb_get_ntohl(tvb, offset)+4)<=tvb_reported_length_remaining(tvb, offset))
|
||||
if( (tvb_bytes_exist(tvb, offset, 5))
|
||||
&&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
|
||||
&&(tvb_get_guint8(tvb, offset+4)==0x60) ){
|
||||
ldap_info->auth_type=LDAP_AUTH_SASL;
|
||||
ldap_info->first_auth_frame=pinfo->fd->num;
|
||||
|
|
Loading…
Reference in New Issue