author | Gerald Combs <gerald@wireshark.org> | 2012-11-26 22:55:23 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2012-11-26 22:55:23 +0000 |
commit | a9eed6e9c630f077194a2cf0f053e2249310d581 (patch) | |
tree | 391c7b15ce098754b4a261405eb5cd56bff13a80 | |
parent | e6fbb29c35df9f323a777851f842736f47dc9060 (diff) | |
Copy over revisions from the trunk:
------------------------------------------------------------------------
r46003 | eapache | 2012-11-11 12:29:06 -0800 (Sun, 11 Nov 2012) | 7 lines
Changed paths:
M /trunk/epan/dissectors/packet-tpncp.c
Fix part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6665
Make sure the array of names is always null-terminated, even if we have
enough names to fill the entire thing. Also use a gboolean instead of a
gint for one variable.
------------------------------------------------------------------------
r46004 | eapache | 2012-11-11 12:54:12 -0800 (Sun, 11 Nov 2012) | 5 lines
Changed paths:
M /trunk/epan/dissectors/packet-tpncp.c
Fix the rest of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6665
Catch exceptions thrown while registering the dynamically generated tpncp
fields, and take that as a hint that the .dat file is corrupt.
------------------------------------------------------------------------
r46153 | ruengeler | 2012-11-23 05:16:04 -0800 (Fri, 23 Nov 2012) | 2 lines
Changed paths:
M /trunk/ui/gtk/sctp_stat.c
Fix bug reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8011
------------------------------------------------------------------------
Copy over with manual intervention:
------------------------------------------------------------------------
r46005 | pascal | 2012-11-11 15:17:09 -0800 (Sun, 11 Nov 2012) | 6 lines
Changed paths:
M /trunk/epan/dissectors/packet-ssl.c
From Erik Tews via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7967 :
Fix dissection of Server Name Indication extension in SSL/TLS traffic
From me:
Fix a few errors found by checkhf.pl and fix-encoding-args.pl
------------------------------------------------------------------------
Update the release notes.
svn path=/trunk-1.8/; revision=46212
-rw-r--r-- | docbook/release-notes.xml | 22 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 26 | ||||
-rw-r--r-- | epan/dissectors/packet-tpncp.c | 39 | ||||
-rw-r--r-- | ui/gtk/sctp_stat.c | 1 |
4 files changed, 62 insertions, 26 deletions
diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml index d244407e06..0e3cc206b9 100644 --- a/docbook/release-notes.xml +++ b/docbook/release-notes.xml @@ -73,6 +73,24 @@ Wireshark Info </para></listitem> --> + <listitem><para> + Malformed tpncp.dat file can crash Wireshark. + (<ulink url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6665">Bug + 6665</ulink>) + </para></listitem> + + <listitem><para> + Parsing the Server Name Indication extension in SSL/TLS traffic reads some fields incorrectly. + (<ulink url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7967">Bug + 7967</ulink>) + </para></listitem> + + <listitem><para> + Core dump during SCTP association analysis. + (<ulink url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8011">Bug + 8011</ulink>) + </para></listitem> + </itemizedlist> </para> @@ -99,7 +117,7 @@ There are no new protocols in this release. <!-- Sort alphabetically --> -. +SSL/TLS </para> </section> @@ -107,7 +125,7 @@ There are no new protocols in this release. <section id="NewCapture"><title>New and Updated Capture File Support</title> <para> -. + </para> </section> diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 608ddd2e06..78b920e33b 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -172,7 +172,6 @@ static gint hf_ssl_handshake_extension_elliptic_curves = -1; static gint hf_ssl_handshake_extension_elliptic_curve = -1; static gint hf_ssl_handshake_extension_ec_point_formats_len = -1; static gint hf_ssl_handshake_extension_ec_point_format = -1; -static gint hf_ssl_handshake_extension_npn_len = -1; static gint hf_ssl_handshake_extension_npn_str_len = -1; static gint hf_ssl_handshake_extension_npn_str = -1; static gint hf_ssl_handshake_extension_reneg_info_len = -1; 
@@ -2430,7 +2429,7 @@ dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb, if (npn_length > 0) { tvb_ensure_bytes_exist(tvb, offset, npn_length); proto_tree_add_item(npn_tree, hf_ssl_handshake_extension_npn_str, - tvb, offset, npn_length, ENC_NA); + tvb, offset, npn_length, ENC_ASCII|ENC_NA); offset += npn_length; ext_len -= npn_length; } @@ -2471,7 +2470,7 @@ static gint dissect_ssl3_hnd_hello_ext_server_name(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint32 ext_len) { - guint8 server_name_length; + guint16 server_name_length; proto_tree *server_name_tree, *ti; @@ -2489,20 +2488,20 @@ dissect_ssl3_hnd_hello_ext_server_name(tvbuff_t *tvb, while (ext_len > 0) { proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_type, + tvb, offset, 1, ENC_NA); + offset += 1; + ext_len -= 1; + + server_name_length = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_len, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; ext_len -= 2; - server_name_length = tvb_get_guint8(tvb, offset); - proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_len, - tvb, offset, 1, ENC_NA); - offset++; - ext_len--; - if (server_name_length > 0) { tvb_ensure_bytes_exist(tvb, offset, server_name_length); proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name, - tvb, offset, server_name_length, ENC_NA); + tvb, offset, server_name_length, ENC_ASCII|ENC_NA); offset += server_name_length; ext_len -= server_name_length; } 
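Review bot: In the server-name loop (`while (ext_len > 0)`), `ext_len` is a `guint32` that is decremented by 1, by 2 and then by `server_name_length` without first checking that that many bytes remain in the extension. A length field larger than the remainder therefore wraps `ext_len`, and the loop goes on dissecting bytes that belong to whatever follows the extension. `tvb_ensure_bytes_exist()` bounds the read only against the tvb, not against the extension, and widening `server_name_length` to `guint16` allows a larger overshoot. A guard such as `if (ext_len < 3) break;` at the top of the loop and `if (server_name_length > ext_len) break;` before the name is added (ideally with a malformed-packet indication) would keep the walk inside the extension. The NPN hunk at -2430 has the same pattern with `ext_len -= npn_length`; both function bodies continue outside the hunks.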
@@ -5132,11 +5131,6 @@ proto_register_ssl(void) FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, "Elliptic curves point format", HFILL } }, - { &hf_ssl_handshake_extension_npn_len, - { "NPN extension length", "ssl.handshake.extensions_npn_length", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of NPN extension", HFILL } - }, { &hf_ssl_handshake_extension_npn_str_len, { "Protocol string length", "ssl.handshake.extensions_npn_str_len", FT_UINT8, BASE_DEC, NULL, 0x0, @@ -5164,7 +5158,7 @@ proto_register_ssl(void) }, { &hf_ssl_handshake_extension_server_name_type, { "Server Name Type", "ssl.handshake.extensions_server_name_type", - FT_UINT16, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, + FT_UINT8, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, NULL, HFILL } }, { &hf_ssl_handshake_extension_server_name, diff --git a/epan/dissectors/packet-tpncp.c b/epan/dissectors/packet-tpncp.c index 8e77c3b471..b3bf9a0310 100644 --- a/epan/dissectors/packet-tpncp.c +++ b/epan/dissectors/packet-tpncp.c @@ -38,6 +38,7 @@ #include <wsutil/file_util.h> +#include <epan/exceptions.h> #include <epan/packet.h> #include <epan/prefs.h> #include <epan/emem.h> @@ -378,7 +379,8 @@ static gint fill_tpncp_id_vals(value_string string[], FILE *file) { /*-------------------------------------------------------------------------------------------------------------------------------------------*/ static gint fill_enums_id_vals(FILE *file) { - gint i = 0, enum_id = 0, enum_val = 0, first_entry = 1; + gint i = 0, enum_id = 0, enum_val = 0; + gboolean first_entry = TRUE; gchar *line_in_file = NULL, *enum_name = NULL, *enum_type = NULL, *enum_str = NULL; @@ -408,7 +410,7 @@ static gint fill_enums_id_vals(FILE *file) { } } else - first_entry = 0; + first_entry = FALSE; tpncp_enums_name_vals[enum_val] = g_strdup(enum_name); g_strlcpy(enum_type, enum_name, MAX_TPNCP_DB_ENTRY_LEN); } 
@@ -422,6 +424,16 @@ static gint fill_enums_id_vals(FILE *file) { } } } + /* make sure the last entry in the array is null but + * don't overflow if we've filled the entire thing (in which case + * we have to drop an entry) */ + if (enum_val + 1 >= MAX_ENUMS_NUM) { + g_free(tpncp_enums_name_vals[enum_val]); + tpncp_enums_name_vals[enum_val] = NULL; + } + else { + tpncp_enums_name_vals[enum_val+1] = NULL; + } return 0; } @@ -762,14 +774,27 @@ void proto_register_tpncp(void) { proto_tpncp = proto_register_protocol("AudioCodes TPNCP (TrunkPack Network Control Protocol)", "TPNCP", "tpncp"); - /* - * The function proto_register_field_array can not work with dynamic arrays, - * so passing dynamic array elements one-by-one in the loop. + /* Rather than duplicating large quantities of code from + * proto_register_field_array() and friends to sanitize the tpncp.dat file + * when we read it, just catch any exceptions we get while registering and + * take them as a hint that the file is corrupt. Then move on, so that at + * least the rest of the protocol dissectors will still work. */ - for(idx = 0; idx < hf_size; idx++) { - proto_register_field_array(proto_tpncp, &hf[idx], 1); + TRY { + /* The function proto_register_field_array does not work with dynamic + * arrays, so pass dynamic array elements one-by-one in the loop. + */ + for(idx = 0; idx < hf_size; idx++) { + proto_register_field_array(proto_tpncp, &hf[idx], 1); + } } + CATCH_ALL { + g_warning("Corrupt tpncp.dat file, tpncp dissector will not work."); + } + + ENDTRY; + proto_register_subtree_array(ett, array_length(ett)); register_dissector("tpncp", dissect_tpncp, proto_tpncp); diff --git a/ui/gtk/sctp_stat.c b/ui/gtk/sctp_stat.c index 0911b24ff6..b0ea64078a 100644 --- a/ui/gtk/sctp_stat.c +++ b/ui/gtk/sctp_stat.c 
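Review bot: The full-array branch frees and NULLs `tpncp_enums_name_vals[enum_val]` without any trace, so a tpncp.dat with too many enums silently loses its last one. The values already stored for that enum presumably stay populated, but the value table is filled outside this hunk. The index is also safe only if the loop above guarantees `enum_val < MAX_ENUMS_NUM`, and that loop is not visible here, so a comment stating the invariant would help, e.g. `/* enum_val is always < MAX_ENUMS_NUM here */`. Consider adding `g_warning("tpncp.dat: too many enums, dropping the last one");` in that branch so a truncated table can be diagnosed.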
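Review bot: After `CATCH_ALL` the function still calls `proto_register_subtree_array()` and `register_dissector("tpncp", ...)`, so the dissector stays reachable with a field table that was only partly registered, although the warning says it will not work. Whether `dissect_tpncp` tolerates the unregistered `hf` entries is not visible in this hunk. If it does not, record the failure in a flag (`hf_ok = FALSE;` in the `CATCH_ALL` body) and guard the later call with `if (hf_ok)`, rather than returning from inside the TRY block. `CATCH_ALL` also reports every exception type as a corrupt file, so including the exception's own message in the warning would make the real cause diagnosable. proto_register_tpncp continues outside the hunk.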
@@ -860,7 +860,6 @@ packet(void *tapdata _U_, packet_info *pinfo , epan_dissect_t *edt _U_ , const v info->min_tsn2 = tsnumber; if (tsnumber > info->max_tsn2) info->max_tsn2 = tsnumber; - info->n_sack_chunks_ep2++; length = tvb_get_ntohs(sctp_info->tvb[chunk_number], CHUNK_LENGTH_OFFSET); if (sack->first_tsn == 0) sack->first_tsn = tsnumber; |