diff options
author | Robert Sauter <sauter@locoslab.com> | 2017-06-14 07:52:59 +0200 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-06-14 15:00:30 +0000 |
commit | d7f1dc8b692530ed2fd5be38a0fdb18d9630bd60 (patch) | |
tree | 07e9308072f6bd26436461cb57f167c9e8ed3a4b | |
parent | 75e2c7ef57643639484a07da98a7fb2629bd000c (diff) | |
download | wireshark-d7f1dc8b692530ed2fd5be38a0fdb18d9630bd60.tar.gz |
IEEE 802.15.4: Fix IE/MIC handling of secured packets without payload
Change-Id: Icdcb770723e3783013f525524c3fe745d5dd862d
Reviewed-on: https://code.wireshark.org/review/22122
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit ae085f7338b356f249bbc639ce70412ece42a708)
Reviewed-on: https://code.wireshark.org/review/22133
-rw-r--r-- | epan/dissectors/packet-ieee802154.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/epan/dissectors/packet-ieee802154.c b/epan/dissectors/packet-ieee802154.c index b0306cd9de..6b4350625a 100644 --- a/epan/dissectors/packet-ieee802154.c +++ b/epan/dissectors/packet-ieee802154.c @@ -1673,7 +1673,7 @@ dissect_ieee802154_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, g } else { if (packet->ie_present) { - dissect_ieee802154_header_ie(tvb, pinfo, ieee802154_tree, &offset, packet); + dissect_ieee802154_header_ie(tvb, pinfo, ieee802154_tree, &offset, packet); } } @@ -1708,11 +1708,10 @@ dissect_ieee802154_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, g /* Get the unencrypted data if decryption failed. */ if (!payload_tvb) { - /* Deal with possible truncation and the FCS field at the end. */ - gint reported_len = tvb_reported_length(tvb)-offset-IEEE802154_FCS_LEN; - gint captured_len = tvb_captured_length(tvb)-offset; - if (reported_len < captured_len) captured_len = reported_len; - payload_tvb = tvb_new_subset_length_caplen(tvb, offset, captured_len, reported_len); + /* Deal with possible truncation and the MIC and FCS fields at the end. */ + gint reported_len = tvb_reported_length(tvb)-offset-rx_mic_len-IEEE802154_FCS_LEN; + gint captured_len = tvb_captured_length(tvb)-offset; + payload_tvb = tvb_new_subset_length_caplen(tvb, offset, MIN(captured_len, reported_len), reported_len); } /* Display the MIC. */ @@ -2581,7 +2580,7 @@ dissect_ieee802154_header_ie(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree * break; } } - } while ((tvb_reported_length_remaining(tvb, *offset) > IEEE802154_FCS_LEN + 1) && + } while ((tvb_reported_length_remaining(tvb, *offset) > IEEE802154_MIC_LENGTH(packet->security_level) + IEEE802154_FCS_LEN + 1) && (id != IEEE802154_HEADER_IE_EID_TERM1) && (id != IEEE802154_HEADER_IE_EID_TERM2)); |