Strengthen the Diameter heuristics to avoid trying to reassemble enormous messages.

Fixes some heuristics mistakes pointed out in
http://ask.wireshark.org/questions/31227/diameter-reassembly-malformed-packets

Change-Id: Iffc97d46cee5dd532fec0031286927fbcb86c095
Reviewed-on: https://code.wireshark.org/review/949
Reviewed-by: Michael Mann <mmann78@netscape.net>

epan/dissectors/packet-diameter.c

@@ -1242,17 +1242,28 @@ get_diameter_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
 static gboolean
 check_diameter(tvbuff_t *tvb)
 {
-	if (tvb_length(tvb) < 1)
-		return FALSE;   /* not enough bytes to check the version */
+	guint32 diam_len;
 
+	/* Ensure we don't throw an exception trying to do these heuristics */
+	if (tvb_length(tvb) < 5)
+		return FALSE;
+
+	/* Check if the Diameter version is 1 */
 	if (tvb_get_guint8(tvb, 0) != 1)
-		return FALSE;   /* not version 1 */
+		return FALSE;
+
+	/* Check if the message size is reasonable.
+	 * Diameter messages can technically be of any size; this limit
+	 * is just a practical one (feel free to tune it).
+	 */
+	diam_len = tvb_get_ntoh24(tvb, 1);
+	if (diam_len > 8192)
+		return FALSE;
+
+	/* Check if any of the Reserved flag bits are set */
+	if (tvb_get_guint8(tvb, 4) & 0x0f)
+		return FALSE;
 
-		  /*
-		   * XXX - fetch length and make sure it's at least MIN_DIAMETER_SIZE?
-		   * Fetch flags and check that none of the DIAM_FLAGS_RESERVED bits
-		   * are set?
-		   */
 	return TRUE;
 }