The last bits of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828

Convert the last DISSECTOR_ASSERTs into potential expert infos, and do the right offset manipulation and verification to avoid long (or infinite) loops when those conditions are hit. This includes fixing some long loops I accidentally introduced in r50432. svn path=/trunk/; revision=50478
2013-07-10 00:32:57 +00:00 · 2013-07-10 00:32:57 +00:00 · e2768d027c
parent 83322789d1
commit e2768d027c
1 changed files with 84 additions and 16 deletions
--- a/epan/dissectors/packet-dcom-sysact.c
+++ b/epan/dissectors/packet-dcom-sysact.c
@ -258,6 +258,8 @@ dissect_dcom_Property_Guid(tvbuff_t *tvb, gint offset, packet_info *pinfo,
    }
    else {
        /* TODO: expert info */
+        tvb_ensure_bytes_exist(tvb, offset, 16);
+        offset += 16;
    }

    return offset;
@ -287,6 +289,8 @@ dissect_dcom_Property_Size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
    }
    else {
        /* TODO: expert info */
+        tvb_ensure_bytes_exist(tvb, offset, 4);
+        offset += 4;
    }

    return offset;
@ -488,6 +492,11 @@ dissect_dcom_SpecialSystemProperties(tvbuff_t *tvb, gint offset, packet_info *pi

    old_offset = offset;

+    if (size <= 0) {
+        /* TODO: expert info */
+        size = -1;
+    }
+
    sub_item = proto_tree_add_text(tree, tvb, offset, size, "SpecialSystemProperties");
    sub_tree = proto_item_add_subtree(sub_item, ett_dcom_spclsysprop);

@ -528,8 +537,11 @@ dissect_dcom_SpecialSystemProperties(tvbuff_t *tvb, gint offset, packet_info *pi
    }

    len = offset - old_offset;
-    DISSECTOR_ASSERT(len <= size);
-    if (size-len) {
+    if (size < len) {
+        /* TODO expert info */
+        size = len;
+    }
+    else if (size > len) {
        proto_tree_add_text(sub_tree, tvb, offset, size - len,
                "UnusedBuffer: %d bytes", size - len);
    }
@ -567,6 +579,11 @@ dissect_dcom_InstantiationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,

    old_offset = offset;

+    if (size <= 0) {
+        /* TODO: expert info */
+        size = -1;
+    }
+
    sub_item = proto_tree_add_text(tree, tvb, offset, size, "InstantiationInfo");
    sub_tree = proto_item_add_subtree(sub_item, ett_dcom_instantianinfo);

@ -597,8 +614,11 @@ dissect_dcom_InstantiationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
    offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);

    len = offset - old_offset;
-    DISSECTOR_ASSERT(len <= size);
-    if (size-len) {
+    if (size < len) {
+        /* TODO expert info */
+        size = len;
+    }
+    else if (size > len) {
        proto_tree_add_text(sub_tree, tvb, offset, size - len,
                "UnusedBuffer: %d bytes", size - len);
    }
@ -642,6 +662,11 @@ dissect_dcom_ActivationContextInfo(tvbuff_t *tvb, gint offset, packet_info *pinf

    old_offset = offset;

+    if (size <= 0) {
+        /* TODO: expert info */
+        size = -1;
+    }
+
    sub_item = proto_tree_add_text(tree, tvb, offset, size, "ActivationContextInfo");
    sub_tree = proto_item_add_subtree(sub_item, ett_dcom_actctxinfo);

@ -665,8 +690,11 @@ dissect_dcom_ActivationContextInfo(tvbuff_t *tvb, gint offset, packet_info *pinf
    offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);

    len = offset - old_offset;
-    DISSECTOR_ASSERT(len <= size);
-    if (size-len) {
+    if (size < len) {
+        /* TODO expert info */
+        size = len;
+    }
+    else if (size > len) {
        proto_tree_add_text(sub_tree, tvb, offset, size - len,
                "UnusedBuffer: %d bytes", size - len);
    }
@ -730,6 +758,11 @@ dissect_dcom_SecurtiyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,

    old_offset = offset;

+    if (size <= 0) {
+        /* TODO: expert info */
+        size = -1;
+    }
+
    sub_item = proto_tree_add_text(tree, tvb, offset, size, "SecurityInfo");
    sub_tree = proto_item_add_subtree(sub_item, ett_dcom_securityinfo);

@ -745,8 +778,11 @@ dissect_dcom_SecurtiyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
    offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);

    len = offset - old_offset;
-    DISSECTOR_ASSERT(len <= size);
-    if (size-len) {
+    if (size < len) {
+        /* TODO expert info */
+        size = len;
+    }
+    else if (size > len) {
        proto_tree_add_text(sub_tree, tvb, offset, size - len,
                "UnusedBuffer: %d bytes", size - len);
    }
@ -765,6 +801,11 @@ dissect_dcom_LocationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,

    old_offset = offset;

+    if (size <= 0) {
+        /* TODO: expert info */
+        size = -1;
+    }
+
    sub_item = proto_tree_add_text(tree, tvb, offset, size, "LocationInfo");
    sub_tree = proto_item_add_subtree(sub_item, ett_dcom_locationinfo);

@ -784,8 +825,11 @@ dissect_dcom_LocationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
    offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);

    len = offset - old_offset;
-    DISSECTOR_ASSERT(len <= size);
-    if (size-len) {
+    if (size < len) {
+        /* TODO expert info */
+        size = len;
+    }
+    else if (size > len) {
        proto_tree_add_text(sub_tree, tvb, offset, size - len,
                "UnusedBuffer: %d bytes", size - len);
    }
@ -855,6 +899,11 @@ dissect_dcom_ScmRqstInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,

    old_offset = offset;

+    if (size <= 0) {
+        /* TODO: expert info */
+        size = -1;
+    }
+
    sub_item = proto_tree_add_text(tree, tvb, offset, size, "ScmRequestInfo");
    sub_tree = proto_item_add_subtree(sub_item, ett_dcom_scmrqstinfo);

@ -869,8 +918,11 @@ dissect_dcom_ScmRqstInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
    offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);

    len = offset - old_offset;
-    DISSECTOR_ASSERT(len <= size);
-    if (size-len) {
+    if (size < len) {
+        /* TODO expert info */
+        size = len;
+    }
+    else if (size > len) {
        proto_tree_add_text(sub_tree, tvb, offset, size - len,
                "UnusedBuffer: %d bytes", size - len);
    }
@ -958,6 +1010,11 @@ dissect_dcom_PropsOutInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,

    old_offset = offset;

+    if (size <= 0) {
+        /* TODO: expert info */
+        size = -1;
+    }
+
    sub_item = proto_tree_add_text(tree, tvb, offset, size, "PropertiesOutput");
    sub_tree = proto_item_add_subtree(sub_item, ett_dcom_propsoutput);

@ -975,8 +1032,11 @@ dissect_dcom_PropsOutInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
    offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);

    len = offset - old_offset;
-    DISSECTOR_ASSERT(len <= size);
-    if (size-len) {
+    if (size < len) {
+        /* TODO expert info */
+        size = len;
+    }
+    else if (size > len) {
        proto_tree_add_text(sub_tree, tvb, offset, size - len,
                "UnusedBuffer: %d bytes", size - len);
    }
@ -1067,6 +1127,11 @@ dissect_dcom_ScmReplyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,

    old_offset = offset;

+    if (size <= 0) {
+        /* TODO: expert info */
+        size = -1;
+    }
+
    sub_item = proto_tree_add_text(tree, tvb, offset, size, "ScmReplyInfo");
    sub_tree = proto_item_add_subtree(sub_item, ett_dcom_scmrespinfo);

@ -1081,8 +1146,11 @@ dissect_dcom_ScmReplyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
    offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);

    len = offset - old_offset;
-    DISSECTOR_ASSERT(len <= size);
-    if (size-len) {
+    if (size < len) {
+        /* TODO expert info */
+        size = len;
+    }
+    else if (size > len) {
        proto_tree_add_text(sub_tree, tvb, offset, size - len,
                "UnusedBuffer: %d bytes", size - len);
    }