btle: Correctly detect l2cap fragment start

The first L2CAP PDU fragment starts with the 4 octet long L2CAP header
consisting of the Length and the CID fields. The Length field doesn't
include the header itself. Thus the Length field in the BLE Data header
will be 4 octets larger than the L2CAP PDU header Length field if the
packet wouldn't be fragmented.

The current implementation doesn't correctly detect the start fragment
causing reassembly to fail as it compares the BLE Data Length with the
L2CAP Length without compensating for the header.

By increasing the L2CAP PDU Length field with the header length the
reassembly works.

Rename the variable to better reflect what length it actually
represents.

Bug: 15807
Change-Id: Idcb6bdccc4daae756a63a9bae0839fe25ae99f23
Reviewed-on: https://code.wireshark.org/review/33428
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Jonas Jonsson 2019-05-30 21:18:19 +02:00 committed by Stig Bjørlykke
parent 860e73c88f
commit 49b6523c6c
1 changed files with 3 additions and 3 deletions
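
As an added illustration, not part of this commit or of Wireshark's source, the following C models the start-fragment check before and after the change on a constructed L2CAP header, showing the case the old comparison misclassifies (an LL payload between 1 and 3 octets short of the full PDU):

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Wireshark code: models the LLID 0x02 check from
 * dissect_btle() with plain C types. L2CAP Length excludes its header. */
#define L2CAP_HDR_LEN 4u /* Length (2 octets) + CID (2 octets) */
struct frag_state {
    bool fragmented;          /* more LL fragments expected */
    unsigned segment_len_rem; /* L2CAP octets still to come */
};
/* Constructed L2CAP header: Length = 25 (0x0019), CID = 0x0004 (ATT). */
static const uint8_t kSampleL2capHdr[] = { 0x19, 0x00, 0x04, 0x00 };

/* Little-endian 16-bit L2CAP Length field at the start of the payload. */
static unsigned l2cap_length(const uint8_t *payload) {
    return (unsigned)payload[0] | ((unsigned)payload[1] << 8);
}

/* Pre-fix check: compares the LL payload length with the L2CAP Length
 * field directly, so payloads 1-3 octets short are misread as complete. */
static struct frag_state classify_old(const uint8_t *payload, unsigned ll_len) {
    struct frag_state st = { false, 0 };
    unsigned l2cap_len = l2cap_length(payload);
    if (l2cap_len > ll_len) {
        st.fragmented = true;
        st.segment_len_rem = l2cap_len + L2CAP_HDR_LEN - ll_len;
    }
    return st;
}

/* Fixed check: a start fragment when header + payload exceed this LL PDU;
 * equal means one complete, unfragmented PDU. */
static struct frag_state classify_fixed(const uint8_t *payload, unsigned ll_len) {
    struct frag_state st = { false, 0 };
    unsigned l2cap_len = l2cap_length(payload);
    if (l2cap_len + L2CAP_HDR_LEN > ll_len) { /* guarded: no underflow below */
        st.fragmented = true;
        st.segment_len_rem = l2cap_len + L2CAP_HDR_LEN - ll_len;
    }
    return st;
}

int main(void) { /* 27-octet LL payload: 2 of the 29 PDU octets still missing */
    struct frag_state o = classify_old(kSampleL2capHdr, 27);
    struct frag_state f = classify_fixed(kSampleL2capHdr, 27);
    printf("old: fragmented=%d\nfixed: fragmented=%d rem=%u\n",
           o.fragmented, f.fragmented, f.segment_len_rem);
    return 0;
}
```

With the 27-octet payload the old check reports a complete PDU and reassembly never starts, while the fixed check flags a start fragment with 2 octets outstanding; for a payload of 10 octets both agree on 19 remaining.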


@ -1084,8 +1084,8 @@ dissect_btle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
break;
case 0x02: /* Start of an L2CAP message or a complete L2CAP message with no fragmentation */
if (length > 0) {
guint le_frame_len = tvb_get_letohs(tvb, offset);
if (le_frame_len > length) {
guint l2cap_len = tvb_get_letohs(tvb, offset);
if (l2cap_len + 4 > length) { /* L2CAP PDU Length excludes the 4 octets header */
pinfo->fragmented = TRUE;
if (connection_info && !retransmit) {
if (!pinfo->fd->visited) {
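Review bot: the new condition `l2cap_len + 4 > length` is only right if `length` is the LL payload length that includes the L2CAP header, which the surrounding context confirms; the trailing comment should name the two fields (Length and CID) that make up the 4 octets so it matches the block comment further down. Since `tvb_get_letohs()` yields a 16-bit value widened to `guint`, the `+ 4` cannot wrap. Separately, `if (length > 0)` guarantees one octet while `tvb_get_letohs()` reads two; that is pre-existing, but a `length >= 2` guard would avoid relying on the tvb bounds exception for a truncated PDU.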
@ -1093,7 +1093,7 @@ dissect_btle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
/* The first two octets in the L2CAP PDU contain the length of the entire
* L2CAP PDU in octets, excluding the Length and CID fields(4 octets).
*/
connection_info->direction_info[direction].segment_len_rem = le_frame_len + 4 - length;
connection_info->direction_info[direction].segment_len_rem = l2cap_len + 4 - length;
connection_info->direction_info[direction].l2cap_index = l2cap_index;
btle_frame_info->more_fragments = 1;
btle_frame_info->l2cap_index = l2cap_index;
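Review bot: `segment_len_rem = l2cap_len + 4 - length` cannot underflow because this line is only reached when the earlier check `l2cap_len + 4 > length` held, so the rename keeps the arithmetic consistent with the comment above it that says Length excludes the 4 header octets. Minor style point in that comment: `fields(4 octets)` is missing the space before the parenthesis.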