authorPeter Wu <peter@lekensteyn.nl>2017-06-30 21:15:21 +0200
committerAnders Broman <a.broman58@gmail.com>2017-07-01 06:37:22 +0000
commite47b68b578db306f2c8a5681359edebab2e2c9d3 (patch)
tree318ec707cb1a0ae9ee9e78dbae6259f576fa3b6c
parentf9fd438b6d8d5fb535881e94f736025b46a3fcc4 (diff)
downloadwireshark-e47b68b578db306f2c8a5681359edebab2e2c9d3.tar.gz
ospf: workaround Opaque Information with bad TLV
The linked pcap seems to contain a TLV (type=255 (Unknown)) followed by four bytes (00 00 00 14, interpreted as TLV (type=0, length=20)). That is bogus, so stop dissecting if no more data is available. While at it, implement alignment at four octets. Bug: 13823 Change-Id: Iacf863c0c6605db40e87f63a950d61c1db6debaa Reviewed-on: https://code.wireshark.org/review/22488 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/packet-ospf.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/epan/dissectors/packet-ospf.c b/epan/dissectors/packet-ospf.c
index 5c265a245d..1199e7b797 100644
--- a/epan/dissectors/packet-ospf.c
+++ b/epan/dissectors/packet-ospf.c
@@ -2391,14 +2391,15 @@ dissect_ospf_lsa_opaque_ri(tvbuff_t *tvb, int offset, proto_tree *tree,
{
proto_tree *ri_tree;
proto_tree *tlv_tree;
+ int offset_end = offset + length;
int tlv_type;
- int tlv_length;
+ guint tlv_length;
ri_tree = proto_tree_add_subtree(tree, tvb, offset, length,
ett_ospf_lsa_opaque_ri, NULL, "Opaque Router Information LSA");
- while (length > 0) {
+ while (offset < offset_end) {
tlv_type = tvb_get_ntohs(tvb, offset);
tlv_length = tvb_get_ntohs(tvb, offset + 2);
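Review bot: The new condition `while (offset < offset_end)` still lets the two `tvb_get_ntohs` calls run when fewer than four bytes of the LSA remain, so the type and length can be read from bytes past `offset_end` (or the read can throw at the end of the buffer). Requiring a whole header, `while (offset_end - offset >= 4)`, keeps the header read inside the LSA. `offset_end = offset + length` also relies on the caller's `length` being sane; its type and validation are outside this hunk, so that is worth confirming at the call site. The function body continues outside the hunk.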
@@ -2427,7 +2428,7 @@ dissect_ospf_lsa_opaque_ri(tvbuff_t *tvb, int offset, proto_tree *tree,
break;
case OPAQUE_TLV_SA:{
- int sa_number;
+ guint sa_number;
tlv_tree = proto_tree_add_subtree_format(ri_tree, tvb, offset, tlv_length+4,
ett_ospf_lsa_sa_tlv, NULL, "%s", val_to_str_const(tlv_type, ri_tlv_type_vals, "Unknown Opaque RI LSA TLV"));
@@ -2441,6 +2442,10 @@ dissect_ospf_lsa_opaque_ri(tvbuff_t *tvb, int offset, proto_tree *tree,
break;
}
default:
+ if (tlv_length > (guint)(offset_end - offset)) {
+ /* Invalid length, probably not TLV. */
+ return;
+ }
tlv_tree = proto_tree_add_subtree_format(ri_tree, tvb, offset, tlv_length+4,
ett_ospf_lsa_unknown_tlv, NULL, "%s", val_to_str_const(tlv_type, ri_tlv_type_vals, "Unknown Opaque RI LSA TLV"));
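Review bot: The added check compares `tlv_length` with `offset_end - offset`, which still includes the 4-byte type/length header, so a value that overruns the LSA by up to four bytes is accepted; `if (tlv_length + 4 > (guint)(offset_end - offset))` accounts for the header. The check also guards only the `default:` branch, while the `OPAQUE_TLV_SA` case in the previous hunk builds its subtree with `tlv_length+4` unchecked (its body, and any other cases, are outside the visible hunks); placing the check ahead of the `switch` would cover every TLV type. The bare `return` drops the rest of the LSA silently, so attaching an expert-info item on this path would show the analyst that the TLV was rejected as malformed.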
@@ -2453,8 +2458,11 @@ dissect_ospf_lsa_opaque_ri(tvbuff_t *tvb, int offset, proto_tree *tree,
}
- offset += tlv_length + 4;
- length -= tlv_length + 4;
+ /*
+ * RFC 7770, section 2.3: 4-octet aligned, but type, length and padding
+ * is not included in the length.
+ * */
+ offset += 4 + ((tlv_length + 3) & ~3);
}
}
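Review bot: The comment above the advance is hard to read (`type, length and padding is not included in the length`, closed with `* */`). Something like `/* RFC 7770, section 2.3: TLVs are padded to 4-octet alignment; the Length field covers the value only, not the type/length header or the padding. */` states the rule the arithmetic implements. The offset now advances by the padded size, while the subtrees in the earlier hunks are still created with `tlv_length+4`, so the padding bytes belong to no tree item; if that is intended, the same comment is the place to say so.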