BT HCI_ISO: Don't overrun our reassembly buffer.

Fixes #17649.
Gerald Combs 2021-10-13 09:28:07 -07:00 committed by Wireshark GitLab Utility
parent 79ed34e1c6
commit acaaad150b
1 changed files with 7 additions and 1 deletions


@ -407,6 +407,12 @@ dissect_bthci_iso(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat
if (!pinfo->fd->visited) {
len = tvb_captured_length_remaining(tvb, offset);
if (mfp != NULL && !mfp->last_frame) {
int avail = (int)mfp->tot_len - mfp->cur_off;
if (len > avail) {
expert_add_info(pinfo, sub_item, &ei_length_bad);
/* Try to reassemble as much as possible */
len = avail;
}
tvb_memcpy(tvb, (guint8 *) mfp->reassembled + mfp->cur_off, offset, len);
mfp->cur_off += len;
if (pb_flag == 0x03)
@ -520,7 +526,7 @@ proto_register_bthci_iso(void)
};
static ei_register_info ei[] = {
{ &ei_length_bad, { "bthci_iso.length.bad", PI_MALFORMED, PI_WARN, "Length too short", EXPFILL }},
{ &ei_length_bad, { "bthci_iso.length.bad", PI_MALFORMED, PI_WARN, "Invalid length", EXPFILL }},
};
/* Register the protocol name and description */
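Review bot: The clamp added in the hunk at line 407 assumes `avail` is non-negative. If `mfp->cur_off` can ever exceed `mfp->tot_len` (both are set on paths outside this hunk, so that cannot be ruled out from here), `avail` is negative, `len` is set to it, and the negative value is passed to `tvb_memcpy` as the copy length and then added to `cur_off`. Handling that case explicitly would close it, for example `if (avail < 0) avail = 0;` directly after the declaration, or skipping the copy when `avail <= 0`. Separately, `expert_add_info` sits inside `if (!pinfo->fd->visited)`, so the warning is presumably attached only on the first pass; recording the truncation in `mfp` and adding the expert item outside that branch would keep it visible when the packet is dissected again. The body of dissect_bthci_iso starts and ends outside the hunk.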