Do not iterate over reported length when using tvb_find_line_end

If the captured length is less than the reported length, iterating over the reported length will trigger an infinite loop.

Change-Id: I6557b455e7bbff12658a934e5bb13a42c023e133
Reviewed-on: https://code.wireshark.org/review/7053
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Pascal Quantin 2015-02-10 13:49:28 +01:00
parent 7369c25ad4
commit e915db7cc8
16 changed files with 27 additions and 29 deletions


@ -1910,7 +1910,7 @@ static void dissect_tty_lines(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre
tty_tree = proto_item_add_subtree(ti, ett_catapult_dct2000_tty);
/* Show the tty lines one at a time. */
while (tvb_reported_length_remaining(tvb, offset) > 0) {
while (tvb_offset_exists(tvb, offset)) {
/* Find the end of the line. */
int linelen = tvb_find_line_end_unquoted(tvb, offset, -1, &next_offset);
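Review bot: The new condition `while (tvb_offset_exists(tvb, offset))` in dissect_tty_lines ends the loop at the last captured byte, so on a capture cut short by the snapshot length the remaining tty lines are left out of the tree with nothing telling the reader. A comment above the loop would record that, e.g. `/* Stop at the end of the captured data; lines beyond the snapshot length are not shown. */`. The same silent stop applies to the other line loops this commit converts (HTTP, IRC, SDP, RTSP, sipfrag and text lines among them). Whether any of them flags the truncation later cannot be seen from these hunks, and this loop's body continues outside the hunk.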


@ -843,7 +843,7 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
headers.transfer_encoding = NULL; /* transfer encoding not known yet */
headers.upgrade = 0; /* assume we're not upgrading */
saw_req_resp_or_header = FALSE; /* haven't seen anything yet */
while (tvb_reported_length_remaining(tvb, offset) > 0) {
while (tvb_offset_exists(tvb, offset)) {
/*
* Find the end of the line.
* XXX - what if we don't find it because the packet
@ -3426,7 +3426,7 @@ dissect_message_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
ti = proto_tree_add_item(tree, proto_message_http,
tvb, 0, -1, ENC_NA);
subtree = proto_item_add_subtree(ti, ett_message_http);
while (tvb_reported_length_remaining(tvb, offset) > 0) {
while (tvb_offset_exists(tvb, offset)) {
len = tvb_find_line_end(tvb, offset,
tvb_ensure_captured_length_remaining(tvb, offset),
&next_offset, FALSE);


@ -469,7 +469,7 @@ dissect_irc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/*
* Process the packet data, a line at a time.
*/
while (tvb_reported_length_remaining(tvb, offset) > 0)
while (tvb_offset_exists(tvb, offset))
{
/*
* Find the end of the line.


@ -83,7 +83,7 @@ dissect_l1_events(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* dat
proto_item_append_text(ti, ": %s", data_name);
subtree = proto_item_add_subtree(ti, ett_l1_events);
/* Read the media line by line */
while (tvb_reported_length_remaining(tvb, offset) != 0) {
while (tvb_offset_exists(tvb, offset)) {
/*
* XXX - we need to be passed the parameters
* of the content type via data parameter,


@ -510,7 +510,7 @@ dissect_ldss_transfer (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
/* Grab each line from the packet, there should be 4 but lets
* not walk off the end looking for more. */
while (offset < tvb_reported_length(tvb)) {
while (tvb_offset_exists(tvb, offset)) {
gint next_offset;
const guint8 *line;
int linelen;


@ -3226,10 +3226,9 @@ dissect_megaco_LocalControldescriptor(tvbuff_t *tvb, proto_tree *megaco_mediades
static void tvb_raw_text_add(tvbuff_t *tvb, proto_tree *tree){
gint tvb_linebegin,tvb_lineend,tvb_len,linelen;
gint tvb_linebegin,tvb_lineend,linelen;
tvb_linebegin = 0;
tvb_len = tvb_reported_length(tvb);
proto_tree_add_text(tree, tvb, 0, -1,"-------------- (RAW text output) ---------------");
@ -3239,7 +3238,7 @@ static void tvb_raw_text_add(tvbuff_t *tvb, proto_tree *tree){
"%s", tvb_format_text_wsp(tvb,tvb_linebegin,
linelen));
tvb_linebegin = tvb_lineend;
} while ( tvb_lineend < tvb_len && linelen > 0);
} while (tvb_offset_exists(tvb, tvb_lineend) && linelen > 0);
}
/*


@ -1003,7 +1003,7 @@ incr_dissector (tvbuff_t *tvb, proto_tree *tree, int offset)
int tokenlen;
/* expecting to read 'bytes' number of bytes from the buffer. */
if (tvb_reported_length_remaining (tvb, offset) != 0) {
if (tvb_offset_exists (tvb, offset)) {
/* Find the end of the line. */
linelen = tvb_find_line_end (tvb, offset,
tvb_ensure_length_remaining (tvb, offset), &next_offset,
@ -1054,7 +1054,7 @@ stat_dissector (tvbuff_t *tvb, proto_tree *tree, int offset)
guint32 slabclass;
guchar response_chars[21];
while (tvb_reported_length_remaining (tvb, offset) != 0) {
while (tvb_offset_exists (tvb, offset)) {
/* Find the end of the line. */
linelen = tvb_find_line_end (tvb, offset,
tvb_ensure_length_remaining (tvb, offset), &next_offset,
@ -1167,7 +1167,7 @@ get_response_dissector (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int
gchar response_chars[21]; /* cover uint64 (20 + 1) bytes*/
/* expecting to read 'bytes' number of bytes from the buffer. */
while (tvb_reported_length_remaining (tvb, offset) != 0) {
while (tvb_offset_exists (tvb, offset)) {
/* Find the end of the line. */
linelen = tvb_find_line_end (tvb, offset,
tvb_ensure_length_remaining (tvb, offset), &next_offset,


@ -557,10 +557,9 @@ static void dissect_mgcp_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
*/
static void mgcp_raw_text_add(tvbuff_t *tvb, proto_tree *tree)
{
gint tvb_linebegin, tvb_lineend, tvb_len, linelen;
gint tvb_linebegin, tvb_lineend, linelen;
tvb_linebegin = 0;
tvb_len = tvb_reported_length(tvb);
do
{
@ -568,7 +567,7 @@ static void mgcp_raw_text_add(tvbuff_t *tvb, proto_tree *tree)
linelen = tvb_lineend - tvb_linebegin;
proto_tree_add_format_text(tree, tvb, tvb_linebegin, linelen);
tvb_linebegin = tvb_lineend;
} while (tvb_lineend < tvb_len);
} while (tvb_offset_exists(tvb, tvb_lineend));
}
/* Discard and init any state we've saved */
@ -1150,7 +1149,7 @@ static void dissect_mgcp_firstline(tvbuff_t *tvb, packet_info *pinfo, proto_tree
tvb_current_len);
}
tokennum++;
} while (tvb_current_offset < tvb_len && tvb_previous_offset < tvb_len && tokennum <= 3);
} while (tvb_current_offset < tvb_len && tvb_offset_exists(tvb, tvb_current_offset) && tvb_previous_offset < tvb_len && tokennum <= 3);
switch (mgcp_type)
{
@ -1419,7 +1418,7 @@ static void dissect_mgcp_params(tvbuff_t *tvb, proto_tree *tree)
mgcp_param_tree = proto_item_add_subtree(mgcp_param_ti, ett_mgcp_param);
/* Parse the parameters */
while (tvb_lineend < tvb_len)
while (tvb_offset_exists(tvb, tvb_lineend))
{
old_lineend = tvb_lineend;
linelen = tvb_find_line_end(tvb, tvb_linebegin, -1, &tvb_lineend, FALSE);
@ -1790,7 +1789,7 @@ static gint tvb_find_null_line(tvbuff_t* tvb, gint offset, gint len, gint* next_
tvb_current_len = tvb_reported_length_remaining(tvb, tvb_linebegin);
tvb_find_line_end(tvb, tvb_linebegin, tvb_current_len, &tvb_lineend, FALSE);
tempchar = tvb_get_guint8(tvb, tvb_linebegin);
} while (tempchar != '\r' && tempchar != '\n' && tvb_lineend <= maxoffset);
} while (tempchar != '\r' && tempchar != '\n' && tvb_lineend <= maxoffset && tvb_offset_exists(tvb, tvb_lineend));
*next_offset = tvb_lineend;
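Review bot: In tvb_find_null_line the loop still computes `tvb_current_len = tvb_reported_length_remaining(tvb, tvb_linebegin)` and passes it to tvb_find_line_end, which is the reported-length pattern the commit title sets out to remove; only the exit condition gained `tvb_offset_exists(tvb, tvb_lineend)`. Passing `-1` as the length, as dissect_mgcp_params does with `tvb_find_line_end(tvb, tvb_linebegin, -1, &tvb_lineend, FALSE)`, would let the helper size the search from the data that is actually present. In the same loop `tvb_get_guint8(tvb, tvb_linebegin)` runs before the new check, so it presumably relies on the previous iteration having validated that offset; the top of the do/while is outside the hunk, so this should be confirmed. In dissect_mgcp_firstline the added test sits next to `tvb_current_offset < tvb_len`, which looks redundant if tvb_len still holds the reported length.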


@ -609,7 +609,7 @@ dissect_mrcpv2_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/* process the rest of the header lines here */
content_length = 0;
while (next_offset < tvb_len)
while (tvb_offset_exists(tvb, next_offset))
{
/* get next line */
offset = next_offset;


@ -393,7 +393,7 @@ find_end_line(tvbuff_t *tvb, gint start)
{
gint offset = start, next_offset, linelen;
while (tvb_length_remaining(tvb, offset) > 0) {
while (tvb_offset_exists(tvb, offset)) {
/* 'desegment' is FALSE so will set next_offset to beyond the end of
the buffer if no line ending is found */
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
@ -583,7 +583,7 @@ dissect_msrp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
/*
* Process the headers
*/
while (tvb_reported_length_remaining(tvb, offset) > 0 && offset < end_line_offset ) {
while (tvb_offset_exists(tvb, offset) && offset < end_line_offset ) {
/* 'desegment' is FALSE so will set next_offset to beyond the end of
the buffer if no line ending is found */
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);


@ -454,7 +454,7 @@ find_first_boundary(tvbuff_t *tvb, gint start, const guint8 *boundary,
{
gint offset = start, next_offset, line_len, boundary_start;
while (tvb_reported_length_remaining(tvb, offset + 2 + boundary_len) > 0) {
while (tvb_offset_exists(tvb, offset + 2 + boundary_len)) {
boundary_start = offset;
if (((tvb_strneql(tvb, offset, (const guint8 *)"--", 2) == 0)
&& (tvb_strneql(tvb, offset + 2, boundary, boundary_len) == 0)))
@ -500,7 +500,7 @@ find_next_boundary(tvbuff_t *tvb, gint start, const guint8 *boundary,
{
gint offset = start, next_offset, line_len, boundary_start;
while (tvb_reported_length_remaining(tvb, offset + 2 + boundary_len) > 0) {
while (tvb_offset_exists(tvb, offset + 2 + boundary_len)) {
line_len = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
if (line_len == -1) {
return -1;
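Review bot: The guard `tvb_offset_exists(tvb, offset + 2 + boundary_len)` in find_first_boundary and find_next_boundary requires one captured byte past the `--` prefix and the boundary string, while the `tvb_strneql` calls visible in find_first_boundary only read up to `offset + 2 + boundary_len - 1`. If the extra byte is intentional (for the line end or closing `--` that follows a delimiter), a comment saying so would help, e.g. `/* need "--" + boundary and at least one byte after it */`. If it is not intentional, a delimiter that ends exactly at the last captured byte is never compared. Both function bodies continue outside the hunks.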


@ -833,7 +833,7 @@ dissect_rtspmessage(tvbuff_t *tvb, int offset, packet_info *pinfo,
* Process the packet data, a line at a time.
*/
saw_req_resp_or_header = FALSE; /* haven't seen anything yet */
while (tvb_reported_length_remaining(tvb, offset) != 0) {
while (tvb_offset_exists(tvb, offset)) {
/*
* We haven't yet concluded that this is a header.
*/


@ -1974,7 +1974,7 @@ setup_sdp_transport(tvbuff_t *tvb, packet_info *pinfo, enum sdp_exchange_type ex
/*
* Show the SDP message a line at a time.
*/
while (tvb_reported_length_remaining(tvb, offset) > 0) {
while (tvb_offset_exists(tvb, offset)) {
/*
* Find the end of the line.
*/
@ -2329,7 +2329,7 @@ dissect_sdp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
*/
in_media_description = FALSE;
while (tvb_reported_length_remaining(tvb, offset) > 0) {
while (tvb_offset_exists(tvb, offset)) {
/*
* Find the end of the line.
*/


@ -2732,7 +2732,7 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info
if(tvb_reported_length_remaining(tvb, next_offset) <= 0){
is_no_header_termination = TRUE;
}else{
while ((c = tvb_get_guint8(tvb, next_offset)) == ' ' || c == '\t')
while (tvb_offset_exists(tvb, next_offset) && ((c = tvb_get_guint8(tvb, next_offset)) == ' ' || c == '\t'))
{
/*
* This line end is not a header seperator.
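Review bot: The enclosing test `if(tvb_reported_length_remaining(tvb, next_offset) <= 0)` in dissect_sip_common still uses the reported length. On a truncated capture with next_offset at the end of the captured data, the else branch is therefore entered, the new `tvb_offset_exists` guard skips the loop, and is_no_header_termination is not set to TRUE even though no terminator was captured. Testing the captured data in the outer condition as well, `if (!tvb_offset_exists(tvb, next_offset)) {`, would make the two checks agree. When the loop is skipped, `c` is not assigned by this statement, so any later use of it should be checked; the loop body and what follows it are outside the hunk.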


@ -65,7 +65,7 @@ static void dissect_sipfrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
sipfrag_tree = proto_item_add_subtree(ti, ett_sipfrag);
/* Show the sipfrag message a line at a time. */
while (tvb_reported_length_remaining(tvb, offset) > 0)
while (tvb_offset_exists(tvb, offset))
{
/* Find the end of the line. */
linelen = tvb_find_line_end_unquoted(tvb, offset, -1, &next_offset);


@ -98,7 +98,7 @@ dissect_text_lines(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* da
proto_item_append_text(ti, ": %s", data_name);
subtree = proto_item_add_subtree(ti, ett_text_lines);
/* Read the media line by line */
while (tvb_reported_length_remaining(tvb, offset) != 0) {
while (tvb_offset_exists(tvb, offset)) {
/*
* XXX - we need to be passed the parameters
* of the content type via data parameter,