osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

wsp: Sanity check capability length 

Bug: 13348
Change-Id: I64abc79475087f1c971419629b5c86e646123f3f
Reviewed-on: https://code.wireshark.org/review/19776
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
Michael Mann 2017-01-24 22:40:07 -05:00 committed by Anders Broman
parent 29d0f40d44
commit cfe7b85b86
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
epan/dissectors/packet-wsp.c
View File

@ -372,6 +372,7 @@ static int ett_te_value = -1;
static int ett_openwave_default = -1;
static expert_field ei_wsp_capability_invalid = EI_INIT;
static expert_field ei_wsp_capability_length_invalid = EI_INIT;
static expert_field ei_wsp_capability_encoding_invalid = EI_INIT;
static expert_field ei_wsp_text_field_invalid = EI_INIT;
static expert_field ei_wsp_header_invalid_value = EI_INIT;
@ -4631,6 +4632,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
tvbuff_t *tmp_tvb;
int found_match;
heur_dtbl_entry_t *hdtbl_entry;
proto_item* ti;
/* Set up structures we will need to add the protocol subtree and manage it */
proto_item *proto_ti = NULL; /* for the proto entry */
@ -4716,9 +4718,14 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
}
count = 0; /* Initialise count */
capabilityLength = tvb_get_guintvar (tvb, offset, &count, pinfo, &ei_wsp_oversized_uintvar);
proto_tree_add_uint (wsp_tree, hf_capabilities_length,
ti = proto_tree_add_uint (wsp_tree, hf_capabilities_length,
tvb, offset, count, capabilityLength);
offset += count;
if (capabilityLength > tvb_reported_length(tvb))
{
expert_add_info(pinfo, ti, &ei_wsp_capability_length_invalid);
break;
}
if (pdut != WSP_PDU_RESUME)
{
@ -7150,6 +7157,7 @@ proto_register_wsp(void)
static ei_register_info ei[] = {
{ &ei_wsp_capability_invalid, { "wsp.capability.invalid", PI_PROTOCOL, PI_WARN, "Invalid capability", EXPFILL }},
{ &ei_wsp_capability_length_invalid, { "wsp.capabilities.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid capability length", EXPFILL }},
{ &ei_wsp_capability_encoding_invalid, { "wsp.capability_encoding.invalid", PI_PROTOCOL, PI_WARN, "Invalid capability encoding", EXPFILL }},
{ &ei_wsp_text_field_invalid, { "wsp.text_field_invalid", PI_PROTOCOL, PI_WARN, "Text field invalid", EXPFILL }},
{ &ei_wsp_invalid_parameter_value, { "wsp.invalid_parameter_value", PI_PROTOCOL, PI_WARN, "Invalid parameter value", EXPFILL }},