GTP, GTPv2: Use ENC_APN_STR for FQDN.

Both specifications say: "The FQDN field encoding shall be identical
to the encoding of a FQDN within a DNS message of section 3.1 of IETF
RFC 1035 [31] but excluding the trailing zero byte."

Since only one name is carried, compression is probably impossible, and
indeed the dissectors already assume that if the first byte is in the
letter range, the field was probably encoded incorrectly as a dotted
string rather than DNS-style.

Since compression isn't supported, use ENC_APN_STR to avoid generating
bogus UTF-8 in packets with errors.

Fix #18531
John Thacker 2022-10-23 19:37:10 -04:00
parent c6e228bb17
commit 70ebded081
2 changed files with 25 additions and 27 deletions


@ -6017,25 +6017,25 @@ decode_apn(tvbuff_t * tvb, int offset, guint16 length, proto_tree * tree, proto_
static void
decode_fqdn(tvbuff_t * tvb, int offset, guint16 length, proto_tree * tree, session_args_t * args _U_)
{
guint8 *fqdn = NULL;
int name_len, tmp;
int name_len;
/* "The FQDN field encoding shall be identical to the encoding of a FQDN
* within a DNS message of clause 3.1 of IETF RFC 1035 [45] but excluding
* the trailing zero byte"
*
* XXX: is compression possible?
*/
if (length > 0) {
name_len = tvb_get_guint8(tvb, offset);
if (name_len < 0x20) {
fqdn = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 1, length - 1, ENC_ASCII);
for (;;) {
if (name_len >= length - 1)
break;
tmp = name_len;
name_len = name_len + fqdn[tmp] + 1;
fqdn[tmp] = '.';
}
/* "NOTE 1: The FQDN field in the IE is not encoded as a dotted string"
* but if the first byte is large (in the letter range or higher),
* assume that it is so encoded incorrectly.
*/
if (name_len < 0x40) {
proto_tree_add_item(tree, hf_gtp_fqdn, tvb, offset, length, ENC_APN_STR);
} else
fqdn = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII);
proto_tree_add_string(tree, hf_gtp_fqdn, tvb, offset, length, fqdn);
proto_tree_add_item(tree, hf_gtp_fqdn, tvb, offset, length, ENC_ASCII);
}
}
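Review bot: The `XXX: is compression possible?` comment is kept as context while the new `proto_tree_add_item(tree, hf_gtp_fqdn, tvb, offset, length, ENC_APN_STR)` call commits to an encoding that only works if compression cannot occur, which is exactly the reasoning in the commit message; the comment is now stale and should record the decision instead, e.g. `/* Only a single name is carried, so RFC 1035 compression pointers cannot occur; ENC_APN_STR validates the label lengths rather than emitting bogus UTF-8 on malformed input. */`. The `0x40` threshold also deserves a word, since 63 (0x3F) is the maximum DNS label length, so a first octet of 0x40 or above cannot be a valid length byte and is what justifies falling back to ENC_ASCII. The same stale comment remains in dissect_gtpv2_fqdn in the second file.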


@ -6196,29 +6196,27 @@ dissect_gtpv2_node_type(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
static void
dissect_gtpv2_fqdn(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, proto_item *item, guint16 length, guint8 message_type _U_, guint8 instance _U_, session_args_t * args _U_)
{
int offset = 0, name_len, tmp;
guint8 *fqdn = NULL;
int offset = 0, name_len;
const guint8 *fqdn = NULL;
/* The FQDN field encoding shall be identical to the encoding of
* a FQDN within a DNS message of section 3.1 of IETF
* RFC 1035 [31] but excluding the trailing zero byte.
*
* XXX: is compression possible?
*/
if (length > 0) {
name_len = tvb_get_guint8(tvb, offset);
if (name_len < 0x20) {
fqdn = tvb_get_string_enc(pinfo->pool, tvb, offset + 1, length - 1, ENC_ASCII);
for (;;) {
if (name_len >= length - 1)
break;
tmp = name_len;
name_len = name_len + fqdn[tmp] + 1;
fqdn[tmp] = '.';
}
/* "NOTE 1: The FQDN field in the IE is not encoded as a dotted string"
* but if the first byte is large (in the letter range or higher),
* assume that it is so encoded incorrectly.
*/
if (name_len < 0x40) {
proto_tree_add_item_ret_string(tree, hf_gtpv2_fqdn, tvb, offset, length, ENC_APN_STR, wmem_packet_scope(), &fqdn);
} else {
fqdn = tvb_get_string_enc(pinfo->pool, tvb, offset, length, ENC_ASCII);
proto_tree_add_item_ret_string(tree, hf_gtpv2_fqdn, tvb, offset, length, ENC_ASCII, wmem_packet_scope(), &fqdn);
}
proto_tree_add_string(tree, hf_gtpv2_fqdn, tvb, offset, length, fqdn);
proto_item_append_text(item, "%s", fqdn);
}
}
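Review bot: The new `proto_tree_add_item_ret_string` calls pass `wmem_packet_scope()` as the scope for the returned string, whereas the removed `tvb_get_string_enc` line used `pinfo->pool`, and `pinfo` is still a parameter of this function; the allocator should stay `pinfo->pool` so the dissector does not regress to the global packet scope, i.e. `proto_tree_add_item_ret_string(tree, hf_gtpv2_fqdn, tvb, offset, length, ENC_APN_STR, pinfo->pool, &fqdn);` and the same in the ENC_ASCII branch. Since the string is then passed straight to `proto_item_append_text(item, "%s", fqdn)`, it is worth a one-line comment noting that the returned pointer is expected to be non-NULL whenever `length > 0`, if that is indeed guaranteed by the ret_string API.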