authorPascal Quantin <pascal.quantin@gmail.com>2015-10-18 22:44:09 +0200
committerPascal Quantin <pascal.quantin@gmail.com>2015-10-19 07:10:14 +0000
commit41e646ec4e668f690de8c92846f28e92d2396c6e (patch)
tree81a3c294de33a787e124536bc4f73da1e280b14f
parentaf920d25e2477b07c89cadcf913cd8d529bc0e71 (diff)
downloadwireshark-41e646ec4e668f690de8c92846f28e92d2396c6e.tar.gz
AllJoyn: prevent an infinite loop
Display an expert error when the argument is empty Bug: 11607 Change-Id: I8682eab8fe1822f784e848220ff90de4eb5e13ff Reviewed-on: https://code.wireshark.org/review/11132 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net> (cherry picked from commit 40caff2d1fb08262c84aaaa8ac584baa8866dd7c) Conflicts: epan/dissectors/packet-alljoyn.c Reviewed-on: https://code.wireshark.org/review/11140
-rw-r--r--epan/dissectors/packet-alljoyn.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/epan/dissectors/packet-alljoyn.c b/epan/dissectors/packet-alljoyn.c
index bfe962917d..1e1f67493e 100644
--- a/epan/dissectors/packet-alljoyn.c
+++ b/epan/dissectors/packet-alljoyn.c
@@ -23,6 +23,7 @@
#include "config.h"
#include <epan/packet.h>
+#include <epan/expert.h>
#include <glib.h>
@@ -192,6 +193,8 @@ static int hf_alljoyn_string_size_8bit = -1; /* 8-bit size of string */
static int hf_alljoyn_string_size_32bit = -1; /* 32-bit size of string */
static int hf_alljoyn_string_data = -1; /* string characters */
+static expert_field ei_alljoyn_empty_arg = EI_INIT;
+
/* These are the ids of the subtrees we will be creating */
static gint ett_alljoyn_ns = -1; /* This is the top NS tree. */
static gint ett_alljoyn_ns_header = -1;
@@ -655,6 +658,7 @@ parse_arg(tvbuff_t *tvb,
guint8 *signature_length)
{
gint length;
+ gint saved_offset = offset;
const gchar *header_type_name = NULL;
switch(type_id)
@@ -1032,6 +1036,11 @@ parse_arg(tvbuff_t *tvb,
/* Make sure we never return something longer than the buffer for an offset. */
if(offset > (gint)tvb_reported_length(tvb)) {
offset = (gint)tvb_reported_length(tvb);
+ } else if (offset == saved_offset) {
+ /* The argument has a null size. Let's report the packet length to avoid an infinite loop. */
+ /*expert_add_info(pinfo, header_item, &ei_alljoyn_empty_arg);*/
+ proto_tree_add_expert(field_tree, pinfo, &ei_alljoyn_empty_arg, tvb, offset, 0);
+ offset = (gint)tvb_reported_length(tvb);
}
return offset;
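Review bot: The new `else if (offset == saved_offset)` branch only catches an argument that leaves `offset` exactly where it started. `offset` is a signed `gint`, and the lengths added to it presumably come from the packet, so a result that ends up below `saved_offset` would pass this check and could still keep the caller looping on crafted input. Using `} else if (offset <= saved_offset) {` treats any non-advancing result as malformed and ends the parse. The commented-out `expert_add_info(pinfo, header_item, &ei_alljoyn_empty_arg);` line is dead code and should be removed. Most of parse_arg's body lies outside this hunk, so whether a backwards move is actually reachable needs checking against the switch cases.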
@@ -1824,6 +1833,8 @@ dissect_AllJoyn_name_server(tvbuff_t *tvb,
void
proto_register_AllJoyn(void)
{
+ expert_module_t* expert_alljoyn;
+
/* A header field is something you can search/filter on.
*
* We create a structure to register our fields. It consists of an
@@ -2289,6 +2300,12 @@ proto_register_AllJoyn(void)
&ett_alljoyn_mess_body_parameters
};
+ static ei_register_info ei[] = {
+ { &ei_alljoyn_empty_arg,
+ { "alljoyn.empty_arg", PI_MALFORMED, PI_ERROR,
+ "Argument is empty", EXPFILL }}
+ };
+
/* The following are protocols as opposed to data within a protocol. These appear
* in Wireshark a divider/header between different groups of data.
*/
@@ -2301,6 +2318,8 @@ proto_register_AllJoyn(void)
proto_register_field_array(proto_AllJoyn_ns, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
+ expert_alljoyn = expert_register_protocol(proto_AllJoyn_mess);
+ expert_register_field_array(expert_alljoyn, ei, array_length(ei));
}
void