IxVeriWave: Adjust signature timestamp checking.

Move the signature timestamp bounds checks inside get_signature_ts. Fix
what appears to be an off-by-one error.

Bug: 14297
Change-Id: I9ca1762a8418e47153f270a1a62b2d0d3a800130
Reviewed-on: https://code.wireshark.org/review/25229
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs 2018-01-09 09:45:13 -08:00 committed by Anders Broman
parent 33708998b4
commit 5dbc1d8d1c
1 changed files with 13 additions and 10 deletions


@ -808,7 +808,7 @@ static gboolean vwr_read_rec_data_ethernet(vwr_t *, struct wtap_pkthdr *,
int, int *, gchar **);
static int find_signature(const guint8 *, int, int, register guint32, register guint8);
static guint64 get_signature_ts(const guint8 *, int);
static guint64 get_signature_ts(const guint8 *, int, int);
static float get_legacy_rate(guint8);
static float get_ht_rate(guint8, guint16);
static float get_vht_rate(guint8, guint16, guint8);
@ -1268,8 +1268,8 @@ static gboolean vwr_read_s1_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr,
/* extract the 32 LSBs of the signature timestamp field from the data block*/
pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */
sig_off = find_signature(m_ptr, rec_size - 6, pay_off, flow_id, flow_seq);
if ((m_ptr[sig_off] == 0xdd) && (sig_off + 15 <= (rec_size - v22_W_STATS_LEN)))
sig_ts = get_signature_ts(m_ptr, sig_off);
if (m_ptr[sig_off] == 0xdd)
sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - v22_W_STATS_LEN);
else
sig_ts = 0;
@ -1669,8 +1669,8 @@ static gboolean vwr_read_s2_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr,
m_ptr = &(rec[8+12]);
pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */
sig_off = find_signature(m_ptr, rec_size - 20, pay_off, flow_id, flow_seq);
if ((m_ptr[sig_off] == 0xdd) && (sig_off + 15 <= (rec_size - vVW510021_W_STATS_TRAILER_LEN)))
sig_ts = get_signature_ts(m_ptr, sig_off);
if (m_ptr[sig_off] == 0xdd)
sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN);
else
sig_ts = 0;
@ -2168,8 +2168,8 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr,
m_ptr = &(rec[stats_offset+8+12]);
pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */
sig_off = find_signature(m_ptr, rec_size - 20, pay_off, flow_id, flow_seq);
if ((m_ptr[sig_off] == 0xdd) && (sig_off + 15 <= (rec_size - vVW510021_W_STATS_TRAILER_LEN)))
sig_ts = get_signature_ts(m_ptr, sig_off);
if (m_ptr[sig_off] == 0xdd)
sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN);
else
sig_ts = 0;
@ -2692,8 +2692,8 @@ static gboolean vwr_read_rec_data_ethernet(vwr_t *vwr, struct wtap_pkthdr *phdr,
}
sig_off = find_signature(m_ptr, rec_size, pay_off, flow_id, flow_seq);
if ((m_ptr[sig_off] == 0xdd) && (sig_off + 15 <= msdu_length) && (f_flow != 0))
sig_ts = get_signature_ts(m_ptr, sig_off);
if ((m_ptr[sig_off] == 0xdd) && (f_flow != 0))
sig_ts = get_signature_ts(m_ptr, sig_off, msdu_length);
else
sig_ts = 0;
@ -3233,11 +3233,14 @@ int find_signature(const guint8 *m_ptr, int rec_size, int pay_off, guint32 flow_
}
/* utility routine: harvest the signature time stamp from the data frame */
guint64 get_signature_ts(const guint8 *m_ptr,int sig_off)
guint64 get_signature_ts(const guint8 *m_ptr,int sig_off, int sig_max)
{
int ts_offset;
guint64 sig_ts;
if (sig_off + 15 >= sig_max)
return 0;
if (m_ptr[sig_off + 15] == 0xe2)
ts_offset = 5;
else