forked from osmocom/wireshark
From Evan:
sanity checks before setting a packet's total length in fragment_set_tot_len() (from me: check if fragments exist for the given id) hopefully, this fixes #8111 and #8163 without causing troubles for other protocols that use fragmentation and reassembly svn path=/trunk/; revision=46999
This commit is contained in:
parent
697514cd35
commit
d3b504f331
|
@ -523,7 +523,9 @@ fragment_set_tot_len(const packet_info *pinfo, const guint32 id, GHashTable *fra
|
|||
const guint32 tot_len)
|
||||
{
|
||||
fragment_data *fd_head;
|
||||
fragment_key key;
|
||||
fragment_data *fd;
|
||||
fragment_key key;
|
||||
guint32 max_offset = 0;
|
||||
|
||||
/* create key to search hash with */
|
||||
key.src = pinfo->src;
|
||||
|
@ -531,13 +533,39 @@ fragment_set_tot_len(const packet_info *pinfo, const guint32 id, GHashTable *fra
|
|||
key.id = id;
|
||||
|
||||
fd_head = g_hash_table_lookup(fragment_table, &key);
|
||||
if (!fd_head)
|
||||
return;
|
||||
|
||||
if(fd_head){
|
||||
fd_head->datalen = tot_len;
|
||||
fd_head->flags |= FD_DATALEN_SET;
|
||||
/* Verify that the length (or block sequence number) we're setting
|
||||
* doesn't conflict with values set by existing fragments.
|
||||
*/
|
||||
fd = fd_head;
|
||||
if (fd_head->flags & FD_BLOCKSEQUENCE) {
|
||||
while (fd) {
|
||||
if (fd->offset > max_offset) {
|
||||
max_offset = fd->offset;
|
||||
DISSECTOR_ASSERT(max_offset <= tot_len);
|
||||
}
|
||||
fd = fd->next;
|
||||
}
|
||||
}
|
||||
else {
|
||||
while (fd) {
|
||||
if (fd->offset + fd->len > max_offset) {
|
||||
max_offset = fd->offset + fd->len;
|
||||
DISSECTOR_ASSERT(max_offset <= tot_len);
|
||||
}
|
||||
fd = fd->next;
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
if (fd_head->flags & FD_DEFRAGMENTED) {
|
||||
DISSECTOR_ASSERT(max_offset == tot_len);
|
||||
}
|
||||
|
||||
/* We got this far so the value is sane. */
|
||||
fd_head->datalen = tot_len;
|
||||
fd_head->flags |= FD_DATALEN_SET;
|
||||
}
|
||||
|
||||
guint32
|
||||
|
|
Loading…
Reference in New Issue