Bluetooth: BTLE: Fix data handling from previous dissector

Check previous dissector before cast data parameter. That also causes Head overflow too. Change-Id: I8f6ce2ec183e4c757613fd7e1959d9d0e4cfc89e Reviewed-on: https://code.wireshark.org/review/8512 Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-05-08 09:10:35 +02:00 · 2015-05-08 09:10:35 +02:00 · ac747a3a5d
parent a0569ac1f0
commit ac747a3a5d
1 changed files with 24 additions and 5 deletions
--- a/epan/dissectors/packet-btle.c
+++ b/epan/dissectors/packet-btle.c
@ -36,6 +36,8 @@
 #include "packet-bthci_acl.h"

 static int proto_btle = -1;
+static int proto_btle_rf = -1;
+static int proto_ubertooth = -1;

 static int hf_access_address = -1;
 static int hf_crc = -1;
@ -325,14 +327,28 @@ dissect_btle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
          CRC_CORRECT} crc_status = CRC_INDETERMINATE;
    guint32      crc_init = 0x555555; /* default to advertising channel's value */
    guint32      packet_crc;
-    const btle_context_t  *btle_context = (const btle_context_t *) data;
+    const btle_context_t  *btle_context   = NULL;
    bluetooth_data_t      *bluetooth_data = NULL;
    ubertooth_data_t      *ubertooth_data = NULL;
+    gint                   previous_proto;
+    wmem_list_frame_t     *list_data;

-    if (btle_context)
-        bluetooth_data = btle_context->previous_protocol_data.bluetooth_data;
-    if (bluetooth_data)
-        ubertooth_data = bluetooth_data->previous_protocol_data.ubertooth_data;
+    list_data = wmem_list_frame_prev(wmem_list_tail(pinfo->layers));
+    if (list_data) {
+        previous_proto = GPOINTER_TO_INT(wmem_list_frame_data(list_data));
+
+        if (previous_proto == proto_btle_rf) {
+            btle_context = (const btle_context_t *) data;
+            bluetooth_data = btle_context->previous_protocol_data.bluetooth_data;
+        } else if (previous_proto == proto_bluetooth) {
+            bluetooth_data = (bluetooth_data_t *) data;
+        }
+
+        list_data = wmem_list_frame_prev(list_data);
+        if (bluetooth_data && list_data && proto_ubertooth == GPOINTER_TO_INT(wmem_list_frame_data(list_data))) {
+            ubertooth_data = bluetooth_data->previous_protocol_data.ubertooth_data;
+        }
+    }

    src_bd_addr = (gchar *) wmem_alloc(pinfo->pool, 6);
    dst_bd_addr = (gchar *) wmem_alloc(pinfo->pool, 6);
@ -1378,6 +1394,9 @@ proto_reg_handoff_btle(void)
    btcommon_le_channel_map_handle = find_dissector("btcommon.le_channel_map");
    btl2cap_handle = find_dissector("btl2cap");

+    proto_btle_rf = proto_get_id_by_filter_name("btle_rf");
+    proto_ubertooth = proto_get_id_by_filter_name("ubertooth");
+
    dissector_add_uint("bluetooth.encap", WTAP_ENCAP_BLUETOOTH_LE_LL, btle_handle);
 }