Ranap: improve heuristic algorithm

Strength the heuristic cheking PDU-Type and Criticality field values too # Conflicts: # epan/dissectors/packet-ranap.c Change-Id: Id95603634a93033664bdbd169880e6b411cfbc11 Bug: 13791 Reviewed-on: https://code.wireshark.org/review/22076 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net> Reviewed-on: https://code.wireshark.org/review/22080 Petri-Dish: Michael Mann <mmann78@netscape.net>
author: Michael Mann <mmann78@netscape.net> 2017-06-11 15:20:44 -0400
committer: Michael Mann <mmann78@netscape.net> 2017-06-11 21:09:24 +0000
commit: 6eec098446f4f58d330bf2fc0ce1cc9997c8fd7c (patch)
tree: a4fae7420b566acca9403e673029ef8128d813fe /epan/dissectors
parent: c238d2fa96b5c21cdc6a92f52d1ac759fc7e885a (diff)
download: wireshark-6eec098446f4f58d330bf2fc0ce1cc9997c8fd7c.tar.gz
2 files changed, 34 insertions, 6 deletions
diff --git a/epan/dissectors/asn1/ranap/packet-ranap-template.c b/epan/dissectors/asn1/ranap/packet-ranap-template.c
index f085c68796..44807c6e9e 100644
--- a/epan/dissectors/asn1/ranap/packet-ranap-template.c
+++ b/epan/dissectors/asn1/ranap/packet-ranap-template.c
@@ -273,15 +273,29 @@ dissect_sccp_ranap_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi
   /* Is it a ranap packet?
    *
    * 4th octet should be the length of the rest of the message.
+   * 3th octed is the Criticality field
    * 2nd octet is the message-type e Z[0, 28]
+   * 1st octet is the PDU type (with the extension bit)
    * (obviously there must be at least four octets)
    *
-   * If both hold true we'll assume it's RANAP
+   * If all of them hold true we'll assume it's RANAP
    */
 
   #define LENGTH_OFFSET 3
+  #define CRIT_OFFSET 2
   #define MSG_TYPE_OFFSET 1
   if (tvb_captured_length(tvb) < RANAP_MSG_MIN_LENGTH) { return FALSE; }
+
+  temp = tvb_get_guint8(tvb, 0) & 0x7f;
+  if (temp != 0x00 && temp != 0x20 &&temp != 0x40 && temp != 0x60) {
+    return FALSE;
+  }
+
+  temp = tvb_get_guint8(tvb, CRIT_OFFSET);
+  if (temp != 0x00 && temp != 0x40 && temp != 0x80) {
+    return FALSE;
+  }
+
   /* compute aligned PER length determinant without calling dissect_per_length_determinant()
      to avoid exceptions and info added to tree, info column and expert info */
   offset = LENGTH_OFFSET;
diff --git a/epan/dissectors/packet-ranap.c b/epan/dissectors/packet-ranap.c
index 71338cb167..7e0a315a22 100644
--- a/epan/dissectors/packet-ranap.c
+++ b/epan/dissectors/packet-ranap.c
@@ -14993,16 +14993,30 @@ dissect_sccp_ranap_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi
   /* Is it a ranap packet?
    *
    * 4th octet should be the length of the rest of the message.
+   * 3th octed is the Criticality field
    * 2nd octet is the message-type e Z[0, 28]
+   * 1st octet is the PDU type (with the extension bit)
    * (obviously there must be at least four octets)
    *
-   * If both hold true we'll assume it's RANAP
+   * If all of them hold true we'll assume it's RANAP
    */
 
   #define LENGTH_OFFSET 3
+  #define CRIT_OFFSET 2
   #define MSG_TYPE_OFFSET 1
   if (tvb_captured_length(tvb) < RANAP_MSG_MIN_LENGTH) { return FALSE; }
-  /* compute PER aligned length determinant without calling dissect_per_length_determinant()
+
+  temp = tvb_get_guint8(tvb, 0) & 0x7f;
+  if (temp != 0x00 && temp != 0x20 &&temp != 0x40 && temp != 0x60) {
+    return FALSE;
+  }
+
+  temp = tvb_get_guint8(tvb, CRIT_OFFSET);
+  if (temp != 0x00 && temp != 0x40 && temp != 0x80) {
+    return FALSE;
+  }
+
+  /* compute aligned PER length determinant without calling dissect_per_length_determinant()
      to avoid exceptions and info added to tree, info column and expert info */
   offset = LENGTH_OFFSET;
   length = tvb_get_guint8(tvb, offset);
@@ -18226,7 +18240,7 @@ void proto_register_ranap(void) {
         NULL, HFILL }},
 
 /*--- End of included file: packet-ranap-hfarr.c ---*/
-#line 341 "./asn1/ranap/packet-ranap-template.c"
+#line 358 "./asn1/ranap/packet-ranap-template.c"
   };
 
   /* List of subtrees */
@@ -18590,7 +18604,7 @@ void proto_register_ranap(void) {
     &ett_ranap_Outcome,
 
 /*--- End of included file: packet-ranap-ettarr.c ---*/
-#line 349 "./asn1/ranap/packet-ranap-template.c"
+#line 366 "./asn1/ranap/packet-ranap-template.c"
   };
 
 
@@ -19017,7 +19031,7 @@ proto_reg_handoff_ranap(void)
 
 
 /*--- End of included file: packet-ranap-dis-tab.c ---*/
-#line 398 "./asn1/ranap/packet-ranap-template.c"
+#line 415 "./asn1/ranap/packet-ranap-template.c"
   } else {
     dissector_delete_uint("sccp.ssn", local_ranap_sccp_ssn, ranap_handle);
   }
author	Michael Mann <mmann78@netscape.net>	2017-06-11 15:20:44 -0400
committer	Michael Mann <mmann78@netscape.net>	2017-06-11 21:09:24 +0000
commit	6eec098446f4f58d330bf2fc0ce1cc9997c8fd7c (patch)
tree	a4fae7420b566acca9403e673029ef8128d813fe /epan/dissectors
parent	c238d2fa96b5c21cdc6a92f52d1ac759fc7e885a (diff)
download	wireshark-6eec098446f4f58d330bf2fc0ce1cc9997c8fd7c.tar.gz