osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

The pcap-ng spec says the captured length is the minimum of the 

interface snapshot length and the packet length; make it so.

svn path=/trunk/; revision=52253
This commit is contained in:
Guy Harris 2013-09-28 21:06:17 +00:00
parent d399dcb52a
commit 658a16285e
1 changed files with 40 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
wiretap/pcapng.c
View File

@ -1286,11 +1286,13 @@ static int
pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wtapng_block_t *wblock, int *err, gchar **err_info)
{
int bytes_read;
int block_read;
guint block_read;
guint64 file_offset64;
interface_data_t int_data;
int pseudo_header_len;
pcapng_simple_packet_block_t spb;
guint32 block_total_length;
guint32 padding;
int pseudo_header_len;
/*
* Is this block long enough to be an SPB?
@ -1345,30 +1347,45 @@ pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *
/*
* The captured length is not a field in the SPB; it can be
* calculated as the minimum of:
*
* the number of bytes available for packet data in the block
* (it obviously can't be greater than that);
*
* the snapshot length from the IDB (which should limit the
* length of all packets);
*
* the packet length (you can't capture bytes that aren't there).
*
* The first of the three values will always be a multiple of
* 4 in a valid pcap-ng file, so there needs to be *some* way
* to eliminate padding. The second value will do so if the
* snapshot length is less than the amount of bytes available
* for packet data, but not if it's greater; the third value
* will do so if the packet length is less than the amount of
* bytes available for packet data, but not if it's greater.
* Therefore, we need to do both checks.
* calculated as the minimum of the snapshot length from the
* IDB and the packet length, as per the pcap-ng spec.
*/
wblock->data.simple_packet.cap_len = bh->block_total_length - MIN_SPB_SIZE;
wblock->data.simple_packet.cap_len = wblock->data.simple_packet.packet_len;
if (wblock->data.simple_packet.cap_len > int_data.snap_len)
wblock->data.simple_packet.cap_len = int_data.snap_len;
if (wblock->data.simple_packet.cap_len > wblock->data.simple_packet.packet_len)
wblock->data.simple_packet.cap_len = wblock->data.simple_packet.packet_len;
/*
* How much padding is there at the end of the packet data?
*/
if ((wblock->data.simple_packet.cap_len % 4) != 0)
padding = 4 - (wblock->data.simple_packet.cap_len % 4);
else
padding = 0;
/* add padding bytes to "block total length" */
/* (the "block total length" of some example files don't contain the packet data padding bytes!) */
if (bh->block_total_length % 4) {
block_total_length = bh->block_total_length + 4 - (bh->block_total_length % 4);
} else {
block_total_length = bh->block_total_length;
}
pcapng_debug1("pcapng_read_simple_packet_block: block_total_length %d", block_total_length);
/*
* Is this block long enough to hold the packet data?
*/
if (block_total_length < MIN_SPB_SIZE + wblock->data.simple_packet.cap_len + padding) {
/*
* No. That means that the problem is with the packet
* length; the snapshot length can be bigger than the amount
* of packet data in the block, as it's a *maximum* length,
* not a *minimum* length.
*/
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("pcapng_read_simple_packet_block: total block length %u of PB is too small for %u bytes of packet data",
block_total_length, wblock->data.simple_packet.packet_len);
return -1;
}
if (wblock->data.simple_packet.cap_len > WTAP_MAX_PACKET_SIZE) {
*err = WTAP_ERR_BAD_FILE;