osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

UDPCP: Check signalled length against available payload 

Change-Id: I939b5e8944be02caf04151633cf33b5b92be6e2d
Reviewed-on: https://code.wireshark.org/review/36105
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
This commit is contained in:
Martin Mathieson 2020-02-14 14:59:13 +00:00 committed by Martin Mathieson
parent c74801c9d9
commit 36e5f9539e
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
epan/dissectors/packet-udpcp.c
View File

@ -14,7 +14,6 @@
/* TODO:
* - Check for expected Acks and link between Data and Ack frames
* - Verify length parameter against remaining payload
* - Calculate/verify Checksum field
* - Sequence number analysis, i.e.
* - check next expected Msg Id
@ -93,6 +92,7 @@ static expert_field ei_udpcp_checksum_should_be_zero = EI_INIT;
static expert_field ei_udpcp_d_not_zero_for_data = EI_INIT;
static expert_field ei_udpcp_reserved_not_zero = EI_INIT;
static expert_field ei_udpcp_n_s_ack = EI_INIT;
static expert_field ei_udpcp_payload_wrong_size = EI_INIT;
static dissector_handle_t udpcp_handle;
@ -308,9 +308,15 @@ dissect_udpcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U
/* There is data */
if ((fragment_amount == 1) && (fragment_number == 0)) {
/* Not fragmented - show payload now */
proto_tree_add_item(udpcp_tree, hf_udpcp_payload, tvb, offset, -1, ENC_ASCII);
proto_item *data_ti = proto_tree_add_item(udpcp_tree, hf_udpcp_payload, tvb, offset, -1, ENC_ASCII);
col_append_fstr(pinfo->cinfo, COL_INFO, " Data (%u bytes)", data_length);
/* Check length is as signalled */
if (data_length != (guint32)tvb_reported_length_remaining(tvb, offset)) {
expert_add_info_format(pinfo, data_ti, &ei_udpcp_payload_wrong_size, "Data length field was %u but %u bytes found",
data_length, tvb_reported_length_remaining(tvb, offset));
}
if (global_udpcp_decode_payload_as_soap) {
/* Send to XML dissector */
dissector_handle_t xml_handle = find_dissector("xml");
@ -344,9 +350,15 @@ dissect_udpcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U
&update_col_info, udpcp_tree);
if (next_tvb) {
/* Have reassembled data */
proto_tree_add_item(udpcp_tree, hf_udpcp_payload, next_tvb, 0, -1, ENC_ASCII);
proto_item *data_ti = proto_tree_add_item(udpcp_tree, hf_udpcp_payload, next_tvb, 0, -1, ENC_ASCII);
col_append_fstr(pinfo->cinfo, COL_INFO, " Reassembled Data (%u bytes)", data_length);
/* Check length is as signalled */
if (data_length != (guint32)tvb_reported_length_remaining(next_tvb, 0)) {
expert_add_info_format(pinfo, data_ti, &ei_udpcp_payload_wrong_size, "Data length field was %u but %u bytes found (reassembled)",
data_length, tvb_reported_length_remaining(next_tvb, 0));
}
if (global_udpcp_decode_payload_as_soap) {
/* Send to XML dissector */
dissector_handle_t xml_handle = find_dissector("xml");
@ -478,6 +490,8 @@ proto_register_udpcp(void)
{ &ei_udpcp_d_not_zero_for_data, { "udpcp.d-not-zero-data", PI_SEQUENCE, PI_ERROR, "D should be zero for data frames", EXPFILL }},
{ &ei_udpcp_reserved_not_zero, { "udpcp.reserved-not-zero", PI_MALFORMED, PI_WARN, "Reserved bits not zero", EXPFILL }},
{ &ei_udpcp_n_s_ack, { "udpcp.n-s-set-ack", PI_MALFORMED, PI_ERROR, "N or S set for ACK frame", EXPFILL }},
{ &ei_udpcp_payload_wrong_size, { "udpcp.payload-wrong-size", PI_MALFORMED, PI_ERROR, "Payload seen does not match size field", EXPFILL }},
};
module_t *udpcp_module;