From Greg Morris:

Fix a bug in the dissection of multiple NDS messages being sent
	at the same time that the dissector was attempting to desegment
	data spanning multiple packets.  When a message was encountered
	during the desegmentation code the dissector would
	misinterpret the new message as an element in the data stream.
	Code was added to validate the desegmentation handle and
	validate which messages actually contain segmented data.

svn path=/trunk/; revision=11147
Guy Harris 2004-06-15 09:23:59 +00:00
parent bc2aa5d20e
commit f6b5e5a7ec
2 changed files with 18 additions and 7 deletions


@ -6,7 +6,7 @@
* Portions Copyright (c) Gilbert Ramirez 2000-2002
* Portions Copyright (c) Novell, Inc. 2000-2003
*
* $Id: packet-ncp-int.h,v 1.17 2003/09/24 03:34:00 guy Exp $
* $Id: packet-ncp-int.h,v 1.18 2004/06/15 09:23:59 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -98,6 +98,7 @@ typedef struct {
char object_name[256];
gboolean nds_frag;
guint32 nds_end_frag;
guint32 nds_frag_num;
} ncp_req_hash_value;
void dissect_ncp_request(tvbuff_t*, packet_info*, guint16,
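Review bot: The new `nds_frag_num` member of `ncp_req_hash_value` has no comment and no visible initialization at the point where the struct is created. In this commit it is assigned only inside a conditional block of `dissect_nds_request`, yet `nds_defrag` compares it with `0xffffffff` to decide whether a reply bypasses reassembly, so a request that never reaches that assignment would be judged on whatever value the allocator left in the field. The allocation site is outside this commit, so this needs confirming, but the field should be set explicitly when the hash value is created. It should also be documented, for example `guint32 nds_frag_num; /* fragment handle seen in the request; 0xffffffff appears to mean "not fragmented" */`.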


@ -11,7 +11,7 @@
* Portions Copyright (c) Gilbert Ramirez 2000-2002
* Portions Copyright (c) Novell, Inc. 2000-2003
*
* $Id: packet-ncp2222.inc,v 1.70 2004/02/29 08:01:22 guy Exp $
* $Id: packet-ncp2222.inc,v 1.71 2004/06/15 09:23:59 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -4127,7 +4127,7 @@ nds_defrag(tvbuff_t *tvb, packet_info *pinfo, guint16 nw_connection, guint8 sequ
for (i = 0; i < 9; i++) {
if (!frags[i].nds_fragmented)
{
frags[i].nds_frag = 0;
frags[i].nds_frag = 0xfffffff0;
}
}
/* Check to see if defragmentation is enabeled in the dissector */
@ -4173,13 +4173,14 @@ nds_defrag(tvbuff_t *tvb, packet_info *pinfo, guint16 nw_connection, guint8 sequ
}
/* Get the fragment flag */
nds_frag = tvb_get_letohl(tvb, 12);
/* Now we need to find if this is a new fragment or already one defined. */
/* We currently limit the maximum number of simultaneous fragments to 100. */
for (i=0; i<100; i++)
{
if (frags[i].nds_frag == nds_frag || frags[i].nds_frag == 0)
if (frags[i].nds_frag == nds_frag || frags[i].nds_frag == 0xfffffff0)
{
if (frags[i].nds_frag == 0)
if (frags[i].nds_frag == 0xfffffff0)
{
frags[i].nds_length = 0;
frags[i].nds_frag = nds_frag;
@ -4190,6 +4191,13 @@ nds_defrag(tvbuff_t *tvb, packet_info *pinfo, guint16 nw_connection, guint8 sequ
}
frag_count = i;
/* is this the end of an existing fragment or just another reply */
if (nds_frag == 0xffffffff && request_value->nds_frag_num == 0xffffffff)
{
dissect_ncp_reply(tvb, pinfo, nw_connection, sequence, type, tree);
return;
}
/* Now we process the fragments */
if (request_value->nds_frag || (request_value->nds_end_frag == pinfo->fd->num))
{
@ -4263,7 +4271,7 @@ nds_defrag(tvbuff_t *tvb, packet_info *pinfo, guint16 nw_connection, guint8 sequ
break;
}
}
if (frags[i].nds_frag == 0)
if (frags[i].nds_frag == 0xffffffff)
{
/* Error can't find fragment */
/*g_assert(0);*/
@ -4784,7 +4792,7 @@ dissect_ncp_reply(tvbuff_t *tvb, packet_info *pinfo,
error_string = ncp_error_string(ncp_rec->errors, completion_code);
}
else {
error_string = "Not OK";
error_string = "Original Request Packet not Found";
}
}
if (type == NCP_SERVICE_REPLY && ncp_rec && ncp_rec->func==0x68 &&
@ -8222,6 +8230,8 @@ dissect_nds_request(tvbuff_t *tvb, packet_info *pinfo,
if (ncp_rec && !ncp_tree) {
run_req_cond = TRUE;
}
/* Keep track of the Fragment number in the request for defrag logic */
request_value->nds_frag_num = nds_frag;
}
/* If we have to handle a request condition, or have to
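Review bot: The free-slot marker for `frags[]` changes from 0 to `0xfffffff0`, but the reset loop at the top of `nds_defrag` (the @ -4127 hunk) still covers only `i < 9` while the lookup loop in the @ -4173 hunk scans `i < 100`. If `frags` lives in zero-initialized storage (its declaration is not in these hunks), slots 9–99 never read as free any more, so a tenth concurrent fragment handle read from the packet by `tvb_get_letohl(tvb, 12)` can leave the lookup with `i == 100`, and `frag_count = i` would then index past a 100-entry table. The reset loop should cover the whole table, `for (i = 0; i < 100; i++)`, and the lookup needs an explicit no-slot path before `frag_count = i;`, for example `if (i == 100) { dissect_ncp_reply(tvb, pinfo, nw_connection, sequence, type, tree); return; }`. The "can't find fragment" test in the @ -4263 hunk compares against `0xffffffff` rather than `0xfffffff0`; if it is meant to detect an unused slot it will not fire, and a single named constant for the marker would keep all four sites consistent.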