bpv6: Prevent infinite loops

display_extension_block is supposed to return the current offset,
not the number of bytes remaining, which can be less than the current
offset and cause an infinite loop. In the case of errors, set
lastheader and return the current offset to break out of loops.
John Thacker 2022-11-30 08:39:46 -05:00
parent 415296436b
commit f2a0d25dba
1 changed files with 8 additions and 4 deletions


@ -1586,7 +1586,8 @@ display_extension_block(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int
proto_tree_add_item(block_tree, hf_bundle_block_previous_hop_eid, tvb, offset, block_length-scheme_length, ENC_ASCII);
if (block_length - scheme_length < 1) {
expert_add_info_format(pinfo, ti, &ei_bundle_offset_error, "Metadata Block Length Error");
return tvb_reported_length_remaining(tvb, offset);
*lastheader = TRUE;
return offset;
}
offset += block_length - scheme_length;
@ -1631,7 +1632,8 @@ display_extension_block(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int
params_length = evaluate_sdnv_ei(tvb, offset, &sdnv_length, &ei);
if (ei) {
proto_tree_add_expert(block_tree, pinfo, ei, tvb, offset, -1);
return tvb_reported_length_remaining(tvb, offset);
*lastheader = TRUE;
return offset;
}
param_tree = proto_tree_add_subtree(block_tree, tvb, offset, params_length+1, ett_sec_block_param_data, NULL, "Ciphersuite Parameters Data");
proto_tree_add_int(param_tree, hf_block_ciphersuite_params_length, tvb, offset, sdnv_length, params_length);
@ -1648,7 +1650,8 @@ display_extension_block(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int
proto_tree_add_int(param_tree, hf_block_ciphersuite_params_item_length, tvb, offset, sdnv_length, item_length);
if (ei) {
proto_tree_add_expert(param_tree, pinfo, ei, tvb, offset, -1);
return tvb_reported_length_remaining(tvb, offset);
*lastheader = TRUE;
return offset;
}
offset += sdnv_length;
@ -1757,7 +1760,8 @@ display_extension_block(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int
/* and second is the creator custodian EID */
if (block_length - sdnv_length < 1) {
expert_add_info_format(pinfo, ti, &ei_bundle_offset_error, "Metadata Block Length Error");
return tvb_reported_length_remaining(tvb, offset);
*lastheader = TRUE;
return offset;
}
cteb_creator_custodian_eid_length = block_length - sdnv_length;
ti = proto_tree_add_item_ret_string(block_tree, hf_block_control_block_cteb_creator_custodian_eid, tvb, offset,
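Review bot: In the first hunk, `proto_tree_add_item(block_tree, hf_bundle_block_previous_hop_eid, tvb, offset, block_length-scheme_length, ENC_ASCII);` still runs before the `if (block_length - scheme_length < 1)` guard, so a zero or negative length derived from packet fields reaches the tree API before it is rejected (and -1 is that API's "to end of buffer" value). The last hunk uses the safer order, guard first and then `proto_tree_add_item_ret_string`, so moving the add below the guard in the first hunk would make the two consistent. The third hunk has the same shape: `proto_tree_add_int(param_tree, hf_block_ciphersuite_params_item_length, ...)` is emitted before `if (ei)` is tested, whereas the second hunk tests `ei` first. Since every error path now depends on the caller honouring `*lastheader`, a short comment on the function would help, e.g. `/* Returns the offset reached; on a malformed block sets *lastheader so the caller stops iterating. */`. The body of display_extension_block starts and ends outside these hunks, so its signature and the caller's loop are not visible here.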