dce-rpc: properly dissect multiple PDU in the same packet. Bug 9302 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9302).

From Matthieu Patou svn path=/trunk/; revision=52736
author: Michael Mann <mmann78@netscape.net> 2013-10-21 16:00:37 +0000
committer: Michael Mann <mmann78@netscape.net> 2013-10-21 16:00:37 +0000
commit: a8d18748ab510f00e3d382b112f45554927e46f8 (patch)
tree: c0996c95ea689776ed4d612a15dd44471aa4b50a
parent: 651b85889292f711921955a8b06f8fcb898d1955 (diff)
download: wireshark-a8d18748ab510f00e3d382b112f45554927e46f8.tar.gz
1 files changed, 15 insertions, 13 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index 4d20640a7b..9b79b30b45 100644
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -4442,6 +4442,7 @@ dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo,
     static const guint8 nulls[4]         = { 0 };
     int                    start_offset;
     int                    padding       = 0;
+    int                    subtvb_len    = 0;
     proto_item            *ti            = NULL;
     proto_item            *tf            = NULL;
     proto_tree            *dcerpc_tree   = NULL;
@@ -4618,9 +4619,10 @@ dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo,
      * (and other functions might fail as well) computing the right start
      * offset otherwise.
      */
-    fragment_tvb = tvb_new_subset(tvb, 0,
-                                  MIN((hdr.frag_len + (guint) start_offset), tvb_length(tvb)) /* length */,
-                                  hdr.frag_len + start_offset /* reported_length */);
+    subtvb_len = MIN(hdr.frag_len, tvb_length(tvb));
+    fragment_tvb = tvb_new_subset(tvb, start_offset,
+                                  subtvb_len /* length */,
+                                  hdr.frag_len /* reported_length */);
 
     /*
      * Packet type specific stuff is next.
@@ -4628,36 +4630,36 @@ dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo,
     switch (hdr.ptype) {
     case PDU_BIND:
     case PDU_ALTER:
-        dissect_dcerpc_cn_bind(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+        dissect_dcerpc_cn_bind(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, &hdr);
         break;
 
     case PDU_BIND_ACK:
     case PDU_ALTER_ACK:
-        dissect_dcerpc_cn_bind_ack(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+        dissect_dcerpc_cn_bind_ack(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, &hdr);
         break;
 
     case PDU_AUTH3:
         /*
          * Nothing after the common header other than credentials.
          */
-        dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, TRUE,
+        dissect_dcerpc_cn_auth(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, &hdr, TRUE,
                                &auth_info);
         break;
 
     case PDU_REQ:
-        dissect_dcerpc_cn_rqst(fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr);
+        dissect_dcerpc_cn_rqst(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, tree, &hdr);
         break;
 
     case PDU_RESP:
-        dissect_dcerpc_cn_resp(fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr);
+        dissect_dcerpc_cn_resp(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, tree, &hdr);
         break;
 
     case PDU_FAULT:
-        dissect_dcerpc_cn_fault(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+        dissect_dcerpc_cn_fault(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, &hdr);
         break;
 
     case PDU_BIND_NAK:
-        dissect_dcerpc_cn_bind_nak(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+        dissect_dcerpc_cn_bind_nak(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, &hdr);
         break;
 
     case PDU_CO_CANCEL:
@@ -4666,7 +4668,7 @@ dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo,
          * Nothing after the common header other than an authentication
          * verifier.
          */
-        dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE,
+        dissect_dcerpc_cn_auth(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, &hdr, FALSE,
                                &auth_info);
         break;
 
@@ -4677,12 +4679,12 @@ dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo,
          */
         break;
     case PDU_RTS:
-      dissect_dcerpc_cn_rts(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+      dissect_dcerpc_cn_rts(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, &hdr);
       break;
 
     default:
         /* might as well dissect the auth info */
-        dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE,
+        dissect_dcerpc_cn_auth(fragment_tvb, MIN(offset - start_offset, subtvb_len), pinfo, dcerpc_tree, &hdr, FALSE,
                                &auth_info);
         break;
     }
author	Michael Mann <mmann78@netscape.net>	2013-10-21 16:00:37 +0000
committer	Michael Mann <mmann78@netscape.net>	2013-10-21 16:00:37 +0000
commit	a8d18748ab510f00e3d382b112f45554927e46f8 (patch)
tree	c0996c95ea689776ed4d612a15dd44471aa4b50a
parent	651b85889292f711921955a8b06f8fcb898d1955 (diff)
download	wireshark-a8d18748ab510f00e3d382b112f45554927e46f8.tar.gz