From 4802e3300dc18a973f74990d0d3f96068a7759d1 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Sun, 12 Aug 2018 13:17:29 +0200 Subject: [PATCH] HTTP: ignore large Content-Length values The SSTP capture from bug 8239 failed to be recognized as SSTP. Its large Content-Length was parsed as -1 which triggered reassembly due to tvb_bytes_exist returning FALSE for negative lengths. Test: # Expect 'SSTP_DUPLEX_POST /' in the output of: tshark -r sstp.pcapng -ossl.keys_list:localhost,443,http,sstp.pem, -Y frame.number==174 -Px Change-Id: I40afaff8554f34f24e09bab184121ced59045954 Fixes: v2.9.0rc0-531-gd80acae40d ("tvbuff: make tvb_bytes_exist fail with negative values") Reviewed-on: https://code.wireshark.org/review/29109 Petri-Dish: Peter Wu Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman --- epan/req_resp_hdrs.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/epan/req_resp_hdrs.c b/epan/req_resp_hdrs.c index 2a48af0d1d..d9e3a2fa1e 100644 --- a/epan/req_resp_hdrs.c +++ b/epan/req_resp_hdrs.c @@ -17,6 +17,7 @@ #include #include +#include #include @@ -149,11 +150,11 @@ req_resp_hdrs_do_reassembly(tvbuff_t *tvb, const int offset, packet_info *pinfo, */ line = tvb_get_string_enc(wmem_packet_scope(), tvb, next_offset_sav, linelen, ENC_UTF_8|ENC_NA); if (g_ascii_strncasecmp(line, "Content-Length:", 15) == 0) { - /* XXX - what if it doesn't fit in an int? - (Do not "fix" that by making this - a "long"; make it a gint64 or a - guint64.) */ - if (sscanf(line+15,"%i", &content_length) == 1) + /* SSTP sets 2^64 as length, but does not really have such a + * large payload. Since the current tvb APIs are limited to + * 2^31-1 bytes, ignore large values we cannot handle. */ + header_val = g_strstrip(line + 15); + if (ws_strtoi32(header_val, NULL, &content_length) && content_length >= 0) content_length_found = TRUE; } else if (g_ascii_strncasecmp(line, "Content-Type:", 13) == 0) { content_type_found = TRUE;