From e50ba8e8b93549b1cf3e14987c15d98f8a0cf774 Mon Sep 17 00:00:00 2001
From: Richard Sharpe
Date: Thu, 20 Jun 2019 20:30:14 -0400
Subject: [PATCH] ieee802.11: Add some expert infos when Phy Capabilities are short. This helps developers know they are missing bits of data that should be there by adding an expert info rather than showing a malformed packet.
Bug: 15861
Change-Id: Iacd85be228c60e4e3dcef344a38506568172e0da
Reviewed-on: https://code.wireshark.org/review/33691
Petri-Dish: Richard Sharpe
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte
---
 epan/dissectors/packet-ieee80211.c | 38 +++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-ieee80211.c b/epan/dissectors/packet-ieee80211.c
index 682e42409f..2ba775ad05 100644
--- a/epan/dissectors/packet-ieee80211.c
+++ b/epan/dissectors/packet-ieee80211.c
@@ -20444,7 +20444,7 @@ dissect_he_capabilities(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
 /* Get and isolate the phy channel witdth set */
 phy_channel_width_set = tvb_get_guint8(tvb, offset) >> 1;
- phy_cap_tree = proto_tree_add_subtree(tree, tvb, offset, 9, ett_he_phy_capabilities,
+ phy_cap_tree = proto_tree_add_subtree(tree, tvb, offset, 11, ett_he_phy_capabilities,
 NULL, "HE Phy Capabilities Information");
 proto_tree_add_bitmask_with_flags(phy_cap_tree, tvb, offset,
@@ -20475,6 +20475,13 @@ dissect_he_capabilities(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
 he_phy_b72_to_b87_headers, ENC_LITTLE_ENDIAN, BMT_NO_APPEND);
 offset += 2;
+ if (tvb_reported_length_remaining(tvb, offset) < 2) {
+ expert_add_info_format(pinfo, phy_cap_tree, &ei_ieee80211_tag_length,
+ "Insufficient bytes for Phy Capabilities "
+ "Rx and Tx Maps 80MHz!");
+ return;
+ }
+
 /* Need the length first */
 if (phy_channel_width_set & HE_CHANNEL_WIDTH_SET_B2) he_mcs_and_nss_len += 4;
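Review bot: The reads at the start of the PHY capabilities in the -20444 hunk, `tvb_get_guint8(tvb, offset)` and the first `proto_tree_add_bitmask_with_flags(phy_cap_tree, tvb, offset,`, still run with no length check ahead of them; the first guard this commit adds sits after the b72-b87 bitmask in the -20475 hunk. An element truncated inside the PHY capabilities would therefore, as far as these hunks show, still end as a malformed-packet exception rather than an expert info. A guard before the subtree, `if (tvb_reported_length_remaining(tvb, offset) < 11) {` followed by the same expert info and `return;`, would cover it, and a named constant in place of the literal `11` would document where the length comes from. The lines between the two hunks are not visible here, so confirm no such check already exists.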
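Review bot: The definition quoted in the hunk headers still reads `packet_info *pinfo _U_`, yet the guard added in the -20475 hunk (and every later one) passes pinfo to `expert_add_info_format()`. The unused marker is now misleading and should be dropped so the parameter is declared as `packet_info *pinfo`. The signature lies outside all hunks, so this is a change to make alongside the patch.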
@@ -20493,6 +20500,14 @@ dissect_he_capabilities(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
 ett_he_rx_mcs_map_lte_80, he_mcs_map_80_rx_headers, ENC_LITTLE_ENDIAN, BMT_NO_APPEND);
 offset += 2;
+
+ if (tvb_reported_length_remaining(tvb, offset) < 2) {
+ expert_add_info_format(pinfo, phy_cap_tree, &ei_ieee80211_tag_length,
+ "Insufficient bytes for Phy Capabilities "
+ "Tx Maps 80MHz!");
+ return;
+ }
+
 proto_tree_add_bitmask_with_flags(rx_tx_he_mcs_map_80, tvb, offset, hf_he_tx_he_mcs_map_lte_80, ett_he_tx_mcs_map_lte_80, he_mcs_map_80_tx_headers,
@@ -20500,6 +20515,12 @@ dissect_he_capabilities(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
 offset += 2;
 if (phy_channel_width_set & HE_CHANNEL_WIDTH_SET_B2) {
+ if (tvb_reported_length_remaining(tvb, offset) < 2) {
+ expert_add_info_format(pinfo, phy_cap_tree, &ei_ieee80211_tag_length,
+ "Insufficient bytes for Phy Capabilities "
+ "Rx and Tx MCS Maps 160MHz!");
+ return;
+ }
 rx_tx_he_mcs_map_160 = proto_tree_add_subtree(sup_he_mcs_and_nss_tree, tvb, offset, 4, ett_he_rx_tx_he_mcs_map_160, NULL, "Rx and Tx MCS Maps 160 MHz");
@@ -20508,6 +20529,14 @@ dissect_he_capabilities(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
 ett_he_rx_mcs_map_160, he_mcs_map_160_rx_headers, ENC_LITTLE_ENDIAN, BMT_NO_APPEND);
 offset += 2;
+
+ if (tvb_reported_length_remaining(tvb, offset) < 2) {
+ expert_add_info_format(pinfo, phy_cap_tree, &ei_ieee80211_tag_length,
+ "Insufficient bytes for Phy Capabilities "
+ "Tx MCS Maps 160MHz!");
+ return;
+ }
+
 proto_tree_add_bitmask_with_flags(rx_tx_he_mcs_map_160, tvb, offset, hf_he_tx_he_mcs_map_160, ett_he_tx_mcs_map_160, he_mcs_map_160_tx_headers,
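Review bot: The guard added in the -20493 hunk is the same six lines as the ones in the -20475, -20500, -20508 and -20516 hunks, differing only in the message, and the messages already drift (`Maps 80MHz`, `MCS Maps 160MHz`, `MCS Maps 80+80 MHz`). A small static helper that takes the byte count required and the field name would keep the wording uniform and make the expected length explicit at each call site. The helper name below is only a suggestion, and the enclosing function starts and ends outside these hunks.

```c
static gboolean
he_cap_is_short(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                int offset, int needed, const char *field)
{
  if (tvb_reported_length_remaining(tvb, offset) >= needed)
    return FALSE;

  expert_add_info_format(pinfo, tree, &ei_ieee80211_tag_length,
                         "Insufficient bytes for Phy Capabilities %s!", field);
  return TRUE;
}

/* … unchanged: Rx map bitmask, offset += 2 … */
if (he_cap_is_short(tvb, pinfo, phy_cap_tree, offset, 2, "Tx Maps 80MHz"))
  return;
```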
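Review bot: The guard at the top of the `HE_CHANNEL_WIDTH_SET_B2` branch (-20500 hunk) reports a short "Rx and Tx MCS Maps 160MHz" but only tests for 2 bytes, which is the Rx half, while the subtree created on the next line is declared with length 4. With 2 or 3 bytes left the check passes and a 4-byte item is requested over a shorter buffer; how `proto_tree_add_subtree()` treats that length is not shown here, so it is worth confirming. Either test the whole pair with `if (tvb_reported_length_remaining(tvb, offset) < 4) {` or reword the message to name the Rx map only. The same pattern is in the `HE_CHANNEL_WIDTH_SET_B3` branch of the -20516 hunk, and probably at the 80 MHz guard in the -20475 hunk, whose subtree call lies outside the hunk.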
@@ -20516,6 +20545,13 @@ dissect_he_capabilities(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
 }
 if (phy_channel_width_set & HE_CHANNEL_WIDTH_SET_B3) {
+ if (tvb_reported_length_remaining(tvb, offset) < 2) {
+ expert_add_info_format(pinfo, phy_cap_tree, &ei_ieee80211_tag_length,
+ "Insufficient bytes for Phy Capabilities "
+ "Rx and Tx MCS Maps 80+80 MHz!");
+ return;
+ }
+
 rx_tx_he_mcs_map_80_80 = proto_tree_add_subtree(sup_he_mcs_and_nss_tree, tvb, offset, 4, ett_he_rx_tx_he_mcs_map_80_80, NULL, "Rx and Tx MCS Maps 80+80 MHz");
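Review bot: The expert info in the `HE_CHANNEL_WIDTH_SET_B3` guard is attached to `phy_cap_tree` and worded "Phy Capabilities", but the missing bytes belong to the maps that the next statement places under `sup_he_mcs_and_nss_tree`. Someone reading the capture would find the warning under the PHY capabilities subtree, away from the field that is actually truncated. Attaching it where the data lives, `expert_add_info_format(pinfo, sup_he_mcs_and_nss_tree, &ei_ieee80211_tag_length,`, with a message that names the MCS and NSS set, would point at the right place. The guard in the -20500 hunk has the same mismatch; for the earlier hunks it depends on whether `sup_he_mcs_and_nss_tree` already exists at that point, which these hunks do not show.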