From baebbbce4ddf33666e659fe6576076f6a93f3bd1 Mon Sep 17 00:00:00 2001
From: Nardi Ivan
Date: Tue, 13 Oct 2020 20:26:47 +0200
Subject: [PATCH] QUIC: fix heuristic

In the heuristic function we don't know the length of the CID in the short header, so we assume the worst case scenario compatible with packet length (no more than 20 bytes)
---
 epan/dissectors/packet-quic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c
index 7d8c02add9..7c0fb3da0e 100644
--- a/epan/dissectors/packet-quic.c
+++ b/epan/dissectors/packet-quic.c
@@ -3136,8 +3136,8 @@ dissect_quic_short_header_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr
 }

 // DCID length is unknown, so extract the maximum and look for a match.
- quic_cid_t dcid = {.len=QUIC_MAX_CID_LENGTH};
- tvb_memcpy(tvb, dcid.cid, 1, QUIC_MAX_CID_LENGTH);
+ quic_cid_t dcid = {.len = MIN(QUIC_MAX_CID_LENGTH, tvb_captured_length(tvb) - 1 - 1 - 16)};
+ tvb_memcpy(tvb, dcid.cid, 1, dcid.len);
 gboolean from_server;
 if (!quic_connection_find(pinfo, QUIC_SHORT_PACKET, &dcid, &from_server)) {
 return FALSE;
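Review bot: The new bound `tvb_captured_length(tvb) - 1 - 1 - 16` is unsigned arithmetic, so for a capture shorter than 18 bytes it wraps to a very large value, `MIN` falls back to `QUIC_MAX_CID_LENGTH`, and `tvb_memcpy(tvb, dcid.cid, 1, dcid.len)` again requests 20 bytes from untrusted packet data. The `}` at the top of the hunk presumably closes a minimum-length check earlier in dissect_quic_short_header_heur, but that check is outside the hunk, so the clamp silently depends on it. I would make the dependency and the constants explicit with a comment on the declaration, e.g. `// Captured length is checked above, so this cannot underflow; reserve 1 (flags) + 1 (min PKN) + 16 (min payload) bytes around the DCID.` The meaning of the three constants is inferred from the commit message and should be confirmed. If the earlier guard is ever relaxed, compute the bound only after an explicit `if (tvb_captured_length(tvb) < 1 + 1 + 1 + 16) return FALSE;`.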