NBAP: fix malformed packet error when having a single byte BindingID

The tvb length must be checked before trying to read 2 bytes

Bug: 13577
Change-Id: I8ba8320b3a0a96239e52a36bc09bb6b41e65a657
Reviewed-on: https://code.wireshark.org/review/20991
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Pascal Quantin 2017-04-10 10:13:33 +02:00 committed by Michael Mann
parent d10421a39a
commit 2861b38153
2 changed files with 7 additions and 7 deletions


@ -730,14 +730,14 @@ hsdsch_macdflow_ids[num_items-1] = hsdsch_macdflow_id;
if (!parameter_tvb)
return offset;
# BindingID ::= OCTET STRING (SIZE (1..4, ...))
# -- If the Binding ID includes a UDP port, the UDP port is included in octet 1 and 2.The first octet of
# -- the UDP port field is included in the first octet of the Binding ID.
BindingID_port = tvb_get_ntohs(parameter_tvb,0);
if(tvb_reported_length(parameter_tvb)==2){
if(tvb_reported_length(parameter_tvb)>=2){
BindingID_port = tvb_get_ntohs(parameter_tvb,0);
proto_item_append_text(actx->created_item, " (%%u)",BindingID_port);
}
}
#.FN_BODY RACH-ParametersItem-CTCH-SetupRqstFDD
address dst_addr, null_addr;
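Review bot: When the BindingID is a single octet, the new `>=2` guard skips the assignment, so `BindingID_port` keeps whatever value it held before this element. The variable is not declared in the hunk, so this is inferred: if it is dissector-wide state that later code pairs with a transport address, a short or malformed BindingID would silently reuse a port left over from an earlier element. Consider resetting it on the short path, for example `BindingID_port = 0;` ahead of the `if` (assuming 0 is the "no port" value there), or state in a comment that keeping the old value is intended. The guard also now reads octets 1-2 of a 3- or 4-octet BindingID as a port, where the old code appended text only for exactly two octets; a line such as `# -- Octets 1-2 are read as the UDP port for any BindingID of two or more octets.` next to the existing ASN.1 comment would record that assumption. The same lines appear in the second file section, which looks like the generated counterpart, and the function body starts above the hunk.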


@ -8727,11 +8727,11 @@ dissect_nbap_BindingID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_,
if (!parameter_tvb)
return offset;
BindingID_port = tvb_get_ntohs(parameter_tvb,0);
if(tvb_reported_length(parameter_tvb)==2){
if(tvb_reported_length(parameter_tvb)>=2){
BindingID_port = tvb_get_ntohs(parameter_tvb,0);
proto_item_append_text(actx->created_item, " (%u)",BindingID_port);
}
}