From f45ef3d46d668123cf1998fc46036ff20834b7d9 Mon Sep 17 00:00:00 2001 From: Darien Spencer Date: Sat, 19 May 2018 22:24:42 +0300 Subject: [PATCH] rlc: Catch exceptions from sub-dissectors Incorrect reassembly and/or parsing ciphered data can lead to exceptions. We want to be able to parse other SDUs/transport blocks in FP even if this happens. Change-Id: Ie54ee337cf85d8c1cd0e3ac8e46bda96ff2304b9 Reviewed-on: https://code.wireshark.org/review/27656 Petri-Dish: Anders Broman Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman --- epan/dissectors/packet-umts_rlc.c | 41 ++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/epan/dissectors/packet-umts_rlc.c b/epan/dissectors/packet-umts_rlc.c index a89c524379..d8b7af596d 100644 --- a/epan/dissectors/packet-umts_rlc.c +++ b/epan/dissectors/packet-umts_rlc.c @@ -11,11 +11,13 @@ #include "config.h" -#include #include +#include #include +#include #include #include +#include #include @@ -1304,7 +1306,10 @@ static void rlc_call_subdissector(enum rlc_channel_type channel, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + gboolean is_rrc_payload = TRUE; + volatile dissector_handle_t next_dissector = NULL; enum rrc_message_type msgtype; + switch (channel) { case RLC_UL_CCCH: msgtype = RRC_MESSAGE_TYPE_UL_CCCH; @@ -1313,11 +1318,10 @@ rlc_call_subdissector(enum rlc_channel_type channel, tvbuff_t *tvb, msgtype = RRC_MESSAGE_TYPE_DL_CCCH; break; case RLC_DL_CTCH: + /* Payload of DL CTCH is BMC*/ + is_rrc_payload = FALSE; msgtype = RRC_MESSAGE_TYPE_INVALID; - call_dissector(bmc_handle, tvb, pinfo, tree); - /* once the packet has been dissected, protect it from further changes using a 'fence' in the INFO column */ - col_append_str(pinfo->cinfo, COL_INFO," "); - col_set_fence(pinfo->cinfo, COL_INFO); + next_dissector = bmc_handle; break; case RLC_UL_DCCH: msgtype = RRC_MESSAGE_TYPE_UL_DCCH; @@ -1332,17 +1336,18 @@ rlc_call_subdissector(enum rlc_channel_type channel, tvbuff_t *tvb, msgtype = RRC_MESSAGE_TYPE_BCCH_FACH; break; case RLC_PS_DTCH: + /* Payload of PS DTCH is PDCP or just IP*/ + is_rrc_payload = FALSE; msgtype = RRC_MESSAGE_TYPE_INVALID; /* assume transparent PDCP for now */ - call_dissector(ip_handle, tvb, pinfo, tree); - /* once the packet has been dissected, protect it from further changes using a 'fence' in the INFO column */ - col_append_str(pinfo->cinfo, COL_INFO," "); - col_set_fence(pinfo->cinfo, COL_INFO); + next_dissector = ip_handle; break; default: return; /* stop dissecting */ } - if (msgtype != RRC_MESSAGE_TYPE_INVALID) { + + if (is_rrc_payload && msgtype != RRC_MESSAGE_TYPE_INVALID) { + /* Passing the RRC sub type in the 'rrc_info' struct */ struct rrc_info *rrcinf; fp_info *fpinf; fpinf = (fp_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_fp, 0); @@ -1352,7 +1357,21 @@ rlc_call_subdissector(enum rlc_channel_type channel, tvbuff_t *tvb, p_add_proto_data(wmem_file_scope(), pinfo, proto_rrc, 0, rrcinf); } rrcinf->msgtype[fpinf->cur_tb] = msgtype; - call_dissector(rrc_handle, tvb, pinfo, tree); + next_dissector = rrc_handle; + } + + if(next_dissector != NULL) { + TRY { + call_dissector(next_dissector, tvb, pinfo, tree); + } + CATCH_NONFATAL_ERRORS { + /* + * Sub dissector threw an exception + * Show the exception and continue dissecting other SDUs. + */ + show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE); + } + ENDTRY; /* once the packet has been dissected, protect it from further changes using a 'fence' in the INFO column */ col_append_str(pinfo->cinfo, COL_INFO," "); col_set_fence(pinfo->cinfo, COL_INFO);