CIP: Highlight correct bytes in Req/Rsp processing

Previously, dissect_cip_generic_service_req and dissect_cip_generic_service_rsp set lengths at different levels of the packet. In some cases, this would cause a malformed packet when the data length was zero. This fixes the malformed error by explicitly setting the length, instead of using -1. The length of the service data set is not the data paylod for both cases. Previously, for requests, it attempted to highlight the whole CIP layer, but this was already covered by the full CIP protocol layer length. Change-Id: I4b4a99d30b9e04872fcf7ffb127c496e6062856c Reviewed-on: https://code.wireshark.org/review/25672 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-02-07 16:34:11 -05:00 · 2018-02-07 16:34:11 -05:00 · e4c5efafb7
parent 60c5ec67f8
commit e4c5efafb7
1 changed files with 9 additions and 5 deletions
--- a/epan/dissectors/packet-cip.c
+++ b/epan/dissectors/packet-cip.c
@ -5541,14 +5541,14 @@ dissect_cip_generic_service_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t

   add_cip_service_to_info_column(pinfo, service, cip_sc_vals);

+   req_path_size = tvb_get_guint8(tvb, offset + 1);
+   offset += ((req_path_size * 2) + 2);
+
   /* Create service tree */
-   cmd_data_tree = proto_tree_add_subtree(tree, tvb, 0, -1, ett_cmd_data, &cmd_data_item,
+   cmd_data_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_cmd_data, &cmd_data_item,
                        val_to_str(service, cip_sc_vals , "Unknown Service (0x%02x)"));
   proto_item_append_text(cmd_data_item, " (Request)");

-   req_path_size = tvb_get_guint8( tvb, offset+1);
-   offset += ((req_path_size*2)+2);
-
   int parsed_len = 0;

   switch(service)
@ -5589,6 +5589,8 @@ dissect_cip_generic_service_req(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
       proto_tree_add_item(cmd_data_tree, hf_cip_data, tvb, offset + parsed_len, remain_len, ENC_NA);
   }

+   proto_item_set_len(cmd_data_item, parsed_len + remain_len);
+
   return tvb_reported_length(tvb);
 }

@ -5931,7 +5933,7 @@ dissect_cip_generic_service_rsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t

   add_cip_service_to_info_column(pinfo, service, cip_sc_vals);

-   cmd_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
+   cmd_data_tree = proto_tree_add_subtree(tree, tvb, offset, 0,
       ett_cmd_data, &cmd_data_item, val_to_str(service, cip_sc_vals, "Unknown Service (0x%02x)"));
   proto_item_append_text(cmd_data_item, " (Response)");

@ -5984,6 +5986,8 @@ dissect_cip_generic_service_rsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
       proto_tree_add_item(cmd_data_tree, hf_cip_data, tvb, offset + parsed_len, remain_len, ENC_NA);
   }

+   proto_item_set_len(cmd_data_item, parsed_len + remain_len);
+
   return tvb_reported_length(tvb);
 }