Strengthen the Diameter heuristics to avoid trying to reassemble enormous messages.
Fixes some heuristics mistakes pointed out in http://ask.wireshark.org/questions/31227/diameter-reassembly-malformed-packets Change-Id: Iffc97d46cee5dd532fec0031286927fbcb86c095 Reviewed-on: https://code.wireshark.org/review/949 Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
parent
df52f81ba5
commit
5bb64c00b6
|
@ -1242,17 +1242,28 @@ get_diameter_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
|
|||
static gboolean
|
||||
check_diameter(tvbuff_t *tvb)
|
||||
{
|
||||
if (tvb_length(tvb) < 1)
|
||||
return FALSE; /* not enough bytes to check the version */
|
||||
guint32 diam_len;
|
||||
|
||||
/* Ensure we don't throw an exception trying to do these heuristics */
|
||||
if (tvb_length(tvb) < 5)
|
||||
return FALSE;
|
||||
|
||||
/* Check if the Diameter version is 1 */
|
||||
if (tvb_get_guint8(tvb, 0) != 1)
|
||||
return FALSE; /* not version 1 */
|
||||
return FALSE;
|
||||
|
||||
/* Check if the message size is reasonable.
|
||||
* Diameter messages can technically be of any size; this limit
|
||||
* is just a practical one (feel free to tune it).
|
||||
*/
|
||||
diam_len = tvb_get_ntoh24(tvb, 1);
|
||||
if (diam_len > 8192)
|
||||
return FALSE;
|
||||
|
||||
/* Check if any of the Reserved flag bits are set */
|
||||
if (tvb_get_guint8(tvb, 4) & 0x0f)
|
||||
return FALSE;
|
||||
|
||||
/*
|
||||
* XXX - fetch length and make sure it's at least MIN_DIAMETER_SIZE?
|
||||
* Fetch flags and check that none of the DIAM_FLAGS_RESERVED bits
|
||||
* are set?
|
||||
*/
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue