forked from osmocom/wireshark
sip: fix Authorization header with mixed quoted parameters
Fix to correctly read unquoted parameter values in Authorization lines. Code in master branch will look for double quotes as the end of a parameter value even in case the value is not enclosed in double quotes. This fix checks if the first character in a value is a double quote in which case it will scan until a non-escaped finishing double quote is found to determine the end of the value string. If no double quote is found as the start of the parameter value it will scan for a comma as the end of the value string. Change-Id: I5322caa146d3213bc94ad24528c2fa23cdea10f2 Bug: 13035 Reviewed-on: https://code.wireshark.org/review/18344 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Roland Knall <rknall@gmail.com>
This commit is contained in:
parent
c9b5b6c13b
commit
f184dff876
|
@ -273,7 +273,6 @@ static ws_mempbrk_pattern pbrk_whitespace;
|
||||||
static ws_mempbrk_pattern pbrk_param_end;
|
static ws_mempbrk_pattern pbrk_param_end;
|
||||||
static ws_mempbrk_pattern pbrk_param_end_colon_brackets;
|
static ws_mempbrk_pattern pbrk_param_end_colon_brackets;
|
||||||
static ws_mempbrk_pattern pbrk_header_end_dquote;
|
static ws_mempbrk_pattern pbrk_header_end_dquote;
|
||||||
static ws_mempbrk_pattern pbrk_quotes;
|
|
||||||
static ws_mempbrk_pattern pbrk_tab_sp_fslash;
|
static ws_mempbrk_pattern pbrk_tab_sp_fslash;
|
||||||
static ws_mempbrk_pattern pbrk_addr_end;
|
static ws_mempbrk_pattern pbrk_addr_end;
|
||||||
static ws_mempbrk_pattern pbrk_via_param_end;
|
static ws_mempbrk_pattern pbrk_via_param_end;
|
||||||
|
@ -1939,12 +1938,11 @@ dissect_sip_contact_item(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gi
|
||||||
static gint
|
static gint
|
||||||
dissect_sip_authorization_item(tvbuff_t *tvb, proto_tree *tree, gint start_offset, gint line_end_offset)
|
dissect_sip_authorization_item(tvbuff_t *tvb, proto_tree *tree, gint start_offset, gint line_end_offset)
|
||||||
{
|
{
|
||||||
gint current_offset, par_name_end_offset, queried_offset;
|
gint current_offset, par_name_end_offset, queried_offset, value_offset, value_search_offset;
|
||||||
gint equals_offset = 0;
|
gint equals_offset = 0;
|
||||||
gchar *name;
|
gchar *name;
|
||||||
header_parameter_t *auth_parameter;
|
header_parameter_t *auth_parameter;
|
||||||
guint i = 0;
|
guint i = 0;
|
||||||
gchar c = '\0';
|
|
||||||
|
|
||||||
/* skip Spaces and Tabs */
|
/* skip Spaces and Tabs */
|
||||||
start_offset = tvb_skip_wsp(tvb, start_offset, line_end_offset - start_offset);
|
start_offset = tvb_skip_wsp(tvb, start_offset, line_end_offset - start_offset);
|
||||||
|
@ -1967,25 +1965,30 @@ dissect_sip_authorization_item(tvbuff_t *tvb, proto_tree *tree, gint start_offse
|
||||||
/* Extract the parameter name */
|
/* Extract the parameter name */
|
||||||
name = tvb_get_string_enc(wmem_packet_scope(), tvb, start_offset, par_name_end_offset-start_offset, ENC_UTF_8|ENC_NA);
|
name = tvb_get_string_enc(wmem_packet_scope(), tvb, start_offset, par_name_end_offset-start_offset, ENC_UTF_8|ENC_NA);
|
||||||
|
|
||||||
/* Find end of parameter, it can be a quoted string so check for quoutes too */
|
value_offset = tvb_skip_wsp(tvb, equals_offset + 1, line_end_offset - (equals_offset + 1));
|
||||||
queried_offset = tvb_ws_mempbrk_pattern_guint8(tvb, par_name_end_offset, line_end_offset - par_name_end_offset, &pbrk_quotes, &c);
|
if (tvb_get_guint8(tvb, value_offset) == '\"') {
|
||||||
if (queried_offset == -1) {
|
/* quoted value */
|
||||||
/* Last parameter, line end */
|
value_search_offset = value_offset;
|
||||||
current_offset = line_end_offset;
|
do {
|
||||||
}else if(c=='"'){
|
value_search_offset++;
|
||||||
/* Do we have a quoted string ? */
|
queried_offset = tvb_find_guint8 (tvb, value_search_offset, line_end_offset - value_search_offset, '\"');
|
||||||
queried_offset = tvb_find_guint8(tvb, queried_offset+1, line_end_offset - queried_offset, '"');
|
} while ((queried_offset != -1) && (tvb_get_guint8(tvb, queried_offset - 1) == '\\'));
|
||||||
if(queried_offset==-1){
|
if (queried_offset == -1) {
|
||||||
/* We have an opening quote but no closing quote. */
|
/* Closing quote not found, return line end */
|
||||||
queried_offset = line_end_offset;
|
current_offset = line_end_offset;
|
||||||
|
} else {
|
||||||
|
/* Include closing quotes */
|
||||||
|
current_offset = queried_offset + 1;
|
||||||
}
|
}
|
||||||
current_offset = tvb_find_guint8(tvb, queried_offset+1, line_end_offset - queried_offset, ',');
|
} else {
|
||||||
if(current_offset==-1){
|
/* unquoted value */
|
||||||
|
queried_offset = tvb_find_guint8 (tvb, value_offset, line_end_offset - value_offset, ',');
|
||||||
|
if (queried_offset == -1) {
|
||||||
/* Last parameter, line end */
|
/* Last parameter, line end */
|
||||||
current_offset = line_end_offset;
|
current_offset = line_end_offset;
|
||||||
|
} else {
|
||||||
|
current_offset = queried_offset;
|
||||||
}
|
}
|
||||||
}else{
|
|
||||||
current_offset = queried_offset;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Try to add parameter as a filterable item */
|
/* Try to add parameter as a filterable item */
|
||||||
|
@ -1996,7 +1999,7 @@ dissect_sip_authorization_item(tvbuff_t *tvb, proto_tree *tree, gint start_offse
|
||||||
if (g_ascii_strcasecmp(name, auth_parameter->param_name) == 0)
|
if (g_ascii_strcasecmp(name, auth_parameter->param_name) == 0)
|
||||||
{
|
{
|
||||||
proto_tree_add_item(tree, *(auth_parameter->hf_item), tvb,
|
proto_tree_add_item(tree, *(auth_parameter->hf_item), tvb,
|
||||||
equals_offset+1, current_offset-equals_offset-1,
|
value_offset, current_offset - value_offset,
|
||||||
ENC_UTF_8|ENC_NA);
|
ENC_UTF_8|ENC_NA);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -2008,6 +2011,13 @@ dissect_sip_authorization_item(tvbuff_t *tvb, proto_tree *tree, gint start_offse
|
||||||
proto_tree_add_format_text(tree, tvb, start_offset, current_offset-start_offset);
|
proto_tree_add_format_text(tree, tvb, start_offset, current_offset-start_offset);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Find comma/end of line */
|
||||||
|
queried_offset = tvb_find_guint8 (tvb, current_offset, line_end_offset - current_offset, ',');
|
||||||
|
if (queried_offset == -1) {
|
||||||
|
current_offset = line_end_offset;
|
||||||
|
} else {
|
||||||
|
current_offset = queried_offset;
|
||||||
|
}
|
||||||
return current_offset;
|
return current_offset;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -6788,7 +6798,6 @@ void proto_register_sip(void)
|
||||||
ws_mempbrk_compile(&pbrk_param_end, ">,;? \r");
|
ws_mempbrk_compile(&pbrk_param_end, ">,;? \r");
|
||||||
ws_mempbrk_compile(&pbrk_param_end_colon_brackets, ">,;? \r:[]");
|
ws_mempbrk_compile(&pbrk_param_end_colon_brackets, ">,;? \r:[]");
|
||||||
ws_mempbrk_compile(&pbrk_header_end_dquote, "\r\n,;\"");
|
ws_mempbrk_compile(&pbrk_header_end_dquote, "\r\n,;\"");
|
||||||
ws_mempbrk_compile(&pbrk_quotes, "'\"");
|
|
||||||
ws_mempbrk_compile(&pbrk_tab_sp_fslash, "\t /");
|
ws_mempbrk_compile(&pbrk_tab_sp_fslash, "\t /");
|
||||||
ws_mempbrk_compile(&pbrk_addr_end, "[] \t:;");
|
ws_mempbrk_compile(&pbrk_addr_end, "[] \t:;");
|
||||||
ws_mempbrk_compile(&pbrk_via_param_end, "\t;, ");
|
ws_mempbrk_compile(&pbrk_via_param_end, "\t;, ");
|
||||||
|
|
Loading…
Reference in New Issue