From 70ebded081d4d61a1fce063704e3d25d98e0d66c Mon Sep 17 00:00:00 2001
From: John Thacker
Date: Sun, 23 Oct 2022 19:37:10 -0400
Subject: [PATCH] GTP, GTPv2: Use ENC_APN_STR for FQDN.

Both specifications say: "The FQDN field encoding shall be identical to the encoding of a FQDN within a DNS message of section 3.1 of IETF RFC 1035 [31] but excluding the trailing zero byte." Since it's only one name, that probably means that compression is impossible, and indeed the dissectors already check and assume that if the first byte is in the letter range, that it's probably incorrectly directly encoded as a dotted string instead of DNS-style. Since compression isn't supported, use ENC_APN_STR to avoid generating bogus UTF-8 in packets with errors. Fix #18531
---
 epan/dissectors/packet-gtp.c | 28 ++++++++++++++--------------
 epan/dissectors/packet-gtpv2.c | 24 +++++++++++------------
 2 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/epan/dissectors/packet-gtp.c b/epan/dissectors/packet-gtp.c
index 9e82292e88..12b4c85043 100644
--- a/epan/dissectors/packet-gtp.c
+++ b/epan/dissectors/packet-gtp.c
@@ -6017,25 +6017,25 @@ decode_apn(tvbuff_t * tvb, int offset, guint16 length, proto_tree * tree, proto_
 static void
 decode_fqdn(tvbuff_t * tvb, int offset, guint16 length, proto_tree * tree, session_args_t * args _U_)
 {
-    guint8 *fqdn = NULL;
-    int name_len, tmp;
+    int name_len;
+    /* "The FQDN field encoding shall be identical to the encoding of a FQDN
+     * within a DNS message of clause 3.1 of IETF RFC 1035 [45] but excluding
+     * the trailing zero byte"
+     *
+     * XXX: is compression possible?
+     */
 
     if (length > 0) {
         name_len = tvb_get_guint8(tvb, offset);
 
-        if (name_len < 0x20) {
-            fqdn = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 1, length - 1, ENC_ASCII);
-            for (;;) {
-                if (name_len >= length - 1)
-                    break;
-                tmp = name_len;
-                name_len = name_len + fqdn[tmp] + 1;
-                fqdn[tmp] = '.';
-            }
+        /* "NOTE 1: The FQDN field in the IE is not encoded as a dotted string"
+         * but if the first byte is large (in the letter range or higher),
+         * assume that it is so encoded incorrectly.
+         */
+        if (name_len < 0x40) {
+            proto_tree_add_item(tree, hf_gtp_fqdn, tvb, offset, length, ENC_APN_STR);
         } else
-            fqdn = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, length, ENC_ASCII);
-
-            proto_tree_add_string(tree, hf_gtp_fqdn, tvb, offset, length, fqdn);
+            proto_tree_add_item(tree, hf_gtp_fqdn, tvb, offset, length, ENC_ASCII);
     }
 }
 
diff --git a/epan/dissectors/packet-gtpv2.c b/epan/dissectors/packet-gtpv2.c
index 78f6f1a7f1..4dbc563dcf 100644
--- a/epan/dissectors/packet-gtpv2.c
+++ b/epan/dissectors/packet-gtpv2.c
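Review bot: The `else` branch of the new `if (name_len < 0x40)` is left unbraced while the `if` branch is braced, which is the shape that lets a later second statement silently attach to the wrong branch; write it as `} else {` / `proto_tree_add_item(tree, hf_gtp_fqdn, tvb, offset, length, ENC_ASCII);` / `}`, as the packet-gtpv2.c hunk already does. The `0x40` bound is also stronger than the comment's "letter range" wording suggests: RFC 1035 caps a label at 63 octets, so a first byte of 0x40 or more can never be a length octet, and a comment such as `/* RFC 1035 label lengths are at most 63 (0x3F); anything larger cannot be a length octet */` would make the test self-explanatory. The same comment wording applies to the packet-gtpv2.c hunk.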
@@ -6196,29 +6196,27 @@ dissect_gtpv2_node_type(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
 static void
 dissect_gtpv2_fqdn(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, proto_item *item, guint16 length, guint8 message_type _U_, guint8 instance _U_, session_args_t * args _U_)
 {
-    int offset = 0, name_len, tmp;
-    guint8 *fqdn = NULL;
+    int offset = 0, name_len;
+    const guint8 *fqdn = NULL;
 
     /* The FQDN field encoding shall be identical to the encoding of
      * a FQDN within a DNS message of section 3.1 of IETF
      * RFC 1035 [31] but excluding the trailing zero byte.
+     *
+     * XXX: is compression possible?
      */
     if (length > 0) {
         name_len = tvb_get_guint8(tvb, offset);
 
-        if (name_len < 0x20) {
-            fqdn = tvb_get_string_enc(pinfo->pool, tvb, offset + 1, length - 1, ENC_ASCII);
-            for (;;) {
-                if (name_len >= length - 1)
-                    break;
-                tmp = name_len;
-                name_len = name_len + fqdn[tmp] + 1;
-                fqdn[tmp] = '.';
-            }
+        /* "NOTE 1: The FQDN field in the IE is not encoded as a dotted string"
+         * but if the first byte is large (in the letter range or higher),
+         * assume that it is so encoded incorrectly.
+         */
+        if (name_len < 0x40) {
+            proto_tree_add_item_ret_string(tree, hf_gtpv2_fqdn, tvb, offset, length, ENC_APN_STR, wmem_packet_scope(), &fqdn);
         } else {
-            fqdn = tvb_get_string_enc(pinfo->pool, tvb, offset, length, ENC_ASCII);
+            proto_tree_add_item_ret_string(tree, hf_gtpv2_fqdn, tvb, offset, length, ENC_ASCII, wmem_packet_scope(), &fqdn);
         }
-        proto_tree_add_string(tree, hf_gtpv2_fqdn, tvb, offset, length, fqdn);
         proto_item_append_text(item, "%s", fqdn);
     }
 }
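Review bot: The two new `proto_tree_add_item_ret_string` calls allocate from `wmem_packet_scope()` although the lines they replace used `pinfo->pool`, so the change steps back from the per-packet pool the function already had in hand; keep `pinfo->pool` as the allocator argument in both calls, and drop the `_U_` from `pinfo` in the signature (a context line above the change) so the parameter is no longer marked unused. The `proto_item_append_text(item, "%s", fqdn)` that follows depends on both branches populating `fqdn`, which holds as written but is only implicit; a one-line comment before it, `/* both branches above set fqdn */`, records that invariant for the next edit. Whether the `ENC_APN_STR` decoder bounds its label walk to `length` and rejects a label that overruns it is not visible in this hunk; presumably it does, since the hand-rolled loop it replaces did, but that is worth confirming given the commit is motivated by malformed packets.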