NBAP: fix malformed packet error when having a single byte BindingID
The tvb length must be checked before trying to read 2 bytes Bug: 13577 Change-Id: I8ba8320b3a0a96239e52a36bc09bb6b41e65a657 Reviewed-on: https://code.wireshark.org/review/20991 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
parent
d10421a39a
commit
2861b38153
|
@ -730,14 +730,14 @@ hsdsch_macdflow_ids[num_items-1] = hsdsch_macdflow_id;
|
|||
|
||||
if (!parameter_tvb)
|
||||
return offset;
|
||||
|
||||
# BindingID ::= OCTET STRING (SIZE (1..4, ...))
|
||||
# -- If the Binding ID includes a UDP port, the UDP port is included in octet 1 and 2.The first octet of
|
||||
# -- the UDP port field is included in the first octet of the Binding ID.
|
||||
BindingID_port = tvb_get_ntohs(parameter_tvb,0);
|
||||
|
||||
if(tvb_reported_length(parameter_tvb)==2){
|
||||
if(tvb_reported_length(parameter_tvb)>=2){
|
||||
BindingID_port = tvb_get_ntohs(parameter_tvb,0);
|
||||
proto_item_append_text(actx->created_item, " (%%u)",BindingID_port);
|
||||
}
|
||||
}
|
||||
|
||||
#.FN_BODY RACH-ParametersItem-CTCH-SetupRqstFDD
|
||||
address dst_addr, null_addr;
|
||||
|
|
|
@ -8727,11 +8727,11 @@ dissect_nbap_BindingID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_,
|
|||
|
||||
if (!parameter_tvb)
|
||||
return offset;
|
||||
BindingID_port = tvb_get_ntohs(parameter_tvb,0);
|
||||
|
||||
if(tvb_reported_length(parameter_tvb)==2){
|
||||
if(tvb_reported_length(parameter_tvb)>=2){
|
||||
BindingID_port = tvb_get_ntohs(parameter_tvb,0);
|
||||
proto_item_append_text(actx->created_item, " (%u)",BindingID_port);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue