author | Gerald Combs <gerald@wireshark.org> | 2006-07-10 19:54:41 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2006-07-10 19:54:41 +0000 |
commit | 1f8334d9e922d94c5c2db7b6132bf7229021e8e7 (patch) | |
tree | a26ce80c043926f2550ad45fa3d2576f0b44219e /epan | |
parent | 82fd788f995b4c020f8d46a82378aa7f4768d22a (diff) | |
download | wireshark-1f8334d9e922d94c5c2db7b6132bf7229021e8e7.tar.gz |
Two more bugs from Ilja van Sprundel.
packet-ndmp.c:
Fix our payload length check.
packet-nfs.c:
Check for a maximum bitmap length.
Fix up whitespace.
svn path=/trunk/; revision=18699
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-ndmp.c | 22 | ||||
-rw-r--r-- | epan/dissectors/packet-nfs.c | 38 |
2 files changed, 34 insertions, 26 deletions
diff --git a/epan/dissectors/packet-ndmp.c b/epan/dissectors/packet-ndmp.c index 98ed0a26e3..1704f1ee38 100644 --- a/epan/dissectors/packet-ndmp.c +++ b/epan/dissectors/packet-ndmp.c @@ -290,7 +290,7 @@ get_itl_nexus(ndmp_conv_data_t *ndmp_conv_data, packet_info *pinfo, gboolean cre return itl; } -static guint8 +static guint8 get_ndmp_protocol_version(ndmp_conv_data_t *ndmp_conv_data) { if(!ndmp_conv_data || (ndmp_conv_data->version==NDMP_PROTOCOL_UNKNOWN)){ @@ -519,12 +519,12 @@ dissect_error(tvbuff_t *tvb, int offset, packet_info *pinfo, err=tvb_get_ntohl(tvb, offset); proto_tree_add_item(tree, hf_ndmp_error, tvb, offset, 4, FALSE); if(err && check_col(pinfo->cinfo, COL_INFO)) { - col_append_fstr(pinfo->cinfo, COL_INFO, + col_append_fstr(pinfo->cinfo, COL_INFO, " NDMP Error:%s", val_to_str(err, error_vals, "Unknown NDMP error code %#x")); } - + offset += 4; return offset; @@ -1223,7 +1223,7 @@ dissect_execute_cdb_payload(tvbuff_t *tvb, int offset, packet_info *pinfo, proto proto_tree_add_uint(tree, hf_len, tvb, offset, 4, payload_len); offset += 4; - if (payload_len != 0) { + if ((int) payload_len > 0) { tvbuff_t *data_tvb; int tvb_len, tvb_rlen; @@ -1697,7 +1697,7 @@ dissect_ndmp_addr(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, /* IP addr */ proto_tree_add_item(tree, hf_ndmp_addr_ip, tvb, offset, 4, FALSE); offset+=4; - + /* TCP port */ proto_tree_add_item(tree, hf_ndmp_addr_tcp, tvb, offset, 4, FALSE); offset+=4; @@ -2864,7 +2864,7 @@ dissect_ndmp_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) top_tree=tree; /* scsi should open its expansions on the top level */ /* - * We need to keep track of conversations so that we can track NDMP + * We need to keep track of conversations so that we can track NDMP * versions. */ conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, 
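Review bot: In the `dissect_execute_cdb_payload` hunk, the new test `if ((int) payload_len > 0)` silently treats a length with the top bit set as "no payload", so a malformed length from the wire leaves no trace in the protocol tree. The cast also hides its purpose; a comment such as `/* payload_len comes off the wire; values above G_MAXINT would be negative in the int length handling below */` would record why the comparison is signed. Consider reporting the oversize case explicitly, as the packet-nfs.c change in this commit does for its bitmap length, instead of falling through. The declaration of `payload_len` and the rest of the function are outside the hunk, so whether the rejected length is still added to `offset` afterwards could not be checked here.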
@@ -2983,9 +2983,9 @@ dissect_ndmp_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } - hdr_item = proto_tree_add_text(ndmp_tree, tvb, 0, 4, - "Fragment header: %s%u %s", - (ndmp_rm & RPC_RM_LASTFRAG) ? "Last fragment, " : "", + hdr_item = proto_tree_add_text(ndmp_tree, tvb, 0, 4, + "Fragment header: %s%u %s", + (ndmp_rm & RPC_RM_LASTFRAG) ? "Last fragment, " : "", ndmp_rm & RPC_RM_FRAGLEN, plurality(ndmp_rm & RPC_RM_FRAGLEN, "byte", "bytes")); hdr_tree = proto_item_add_subtree(hdr_item, ett_ndmp_fraghdr); proto_tree_add_boolean(hdr_tree, hf_ndmp_lastfrag, tvb, 0, 4, ndmp_rm); @@ -3076,7 +3076,7 @@ proto_register_ndmp(void) "NDMP Header", "ndmp.header", FT_NONE, 0, NULL, 0, "NDMP Header", HFILL }}, - { &hf_ndmp_response_frame, { + { &hf_ndmp_response_frame, { "Response In", "ndmp.response_frame", FT_FRAMENUM, BASE_NONE, NULL, 0, "The response to this NDMP command is in this frame", HFILL }}, @@ -3084,7 +3084,7 @@ proto_register_ndmp(void) { "Time from request", "ndmp.time", FT_RELATIVE_TIME, BASE_NONE, NULL, 0, "Time since the request packet", HFILL }}, - { &hf_ndmp_request_frame, { + { &hf_ndmp_request_frame, { "Request In", "ndmp.request_frame", FT_FRAMENUM, BASE_NONE, NULL, 0, "The request to this NDMP command is in this frame", HFILL }}, diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c index 7758efa7d1..50a52e47c1 100644 --- a/epan/dissectors/packet-nfs.c +++ b/epan/dissectors/packet-nfs.c @@ -475,7 +475,7 @@ static GHashTable *nfs_name_snoop_matched = NULL; static se_tree_t *nfs_name_snoop_known = NULL; static se_tree_t *nfs_file_handles = NULL; -/* This function will store one nfs filehandle in our global tree of +/* This function will store one nfs filehandle in our global tree of * filehandles. * We store all filehandles we see in this tree so that every unique * filehandle is only stored once with a unique pointer. 
@@ -521,7 +521,7 @@ store_nfs_file_handle(nfs_fhandle_data_t *nfs_fh) se_tree_insert32_array(nfs_file_handles, &fhkey[0], new_nfs_fh); return new_nfs_fh; -} +} static gint nfs_name_snoop_matched_equal(gconstpointer k1, gconstpointer k2) @@ -806,7 +806,7 @@ nfs_name_snoop_fh(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int fh_of fhkey[1].length=fhlen/4; fhkey[1].key=(guint32 *)tvb_get_ptr(tvb, fh_offset, fh_length); fhkey[2].length=0; - + nns=se_tree_lookup32_array(nfs_name_snoop_known, &fhkey[0]); } @@ -2945,7 +2945,7 @@ dissect_nfs_fh3(tvbuff_t *tvb, int offset, packet_info *pinfo, if((!pinfo->fd->flags.visited) && nfs_file_name_snooping){ rpc_call_info_value *civ=pinfo->private_data; - /* NFS v3 LOOKUP, CREATE, MKDIR, READDIRPLUS + /* NFS v3 LOOKUP, CREATE, MKDIR, READDIRPLUS calls might give us a mapping*/ if( (civ->prog==100003) &&(civ->vers==3) @@ -3023,8 +3023,8 @@ dissect_nfstime3(tvbuff_t *tvb, int offset, } -/* RFC 1813, Page 22 - * The levels parameter tells this helper how many levels up in the tree it +/* RFC 1813, Page 22 + * The levels parameter tells this helper how many levels up in the tree it * should display useful info such as type,mode,uid,gid * If level has the COL_INFO_LEVEL flag set it will also display * this info in the info column. @@ -3137,7 +3137,7 @@ static const value_string value_follows[] = /* RFC 1813, Page 23 */ int -dissect_nfs_post_op_attr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, +dissect_nfs_post_op_attr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, const char* name) { proto_item* post_op_attr_item = NULL; @@ -4092,7 +4092,7 @@ dissect_nfs3_read_call(tvbuff_t *tvb, int offset, packet_info *pinfo, len=tvb_get_ntohl(tvb, offset); offset = dissect_rpc_uint32(tvb, tree, hf_nfs_count3, offset); - + if (check_col(pinfo->cinfo, COL_INFO)) { col_append_fstr(pinfo->cinfo, COL_INFO,", FH:0x%08x Offset:%" PRIu64 " Len:%u", hash, off, len); } 
@@ -4816,8 +4816,8 @@ dissect_entryplus3(tvbuff_t *tvb, int offset, packet_info *pinfo, &&(!civ->request) &&((civ->proc==17)) ) { - nfs_name_snoop_add_name(civ->xid, tvb, 0, 0, - 0/*parent offset*/, 0/*parent len*/, + nfs_name_snoop_add_name(civ->xid, tvb, 0, 0, + 0/*parent offset*/, 0/*parent len*/, name); } } @@ -5902,6 +5902,9 @@ static const value_string names_fattr4[] = { #define FATTR4_BITMAP_ONLY 0 #define FATTR4_FULL_DISSECT 1 +/* XXX - What's a good maximum? Linux appears to use 10. + * FreeBSD appears to use 2. OpenSolaris appears to use 2. */ +#define MAX_BITMAP_LEN 10 static int dissect_nfs_attributes(tvbuff_t *tvb, int offset, packet_info *pinfo, @@ -5920,6 +5923,11 @@ dissect_nfs_attributes(tvbuff_t *tvb, int offset, packet_info *pinfo, int attr_vals_offset; bitmap_len = tvb_get_ntohl(tvb, offset); + if (bitmap_len > MAX_BITMAP_LEN) { + proto_tree_add_text(tree, tvb, offset, 4, + "Huge bitmap length: %u", bitmap_len); + THROW(ReportedBoundsError); + } tvb_ensure_bytes_exist(tvb, offset, 4 + bitmap_len * 4); fitem = proto_tree_add_text(tree, tvb, offset, 4 + bitmap_len * 4, "%s", "attrmask"); @@ -6848,7 +6856,7 @@ dissect_nfs_open_delegation4(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_item *fitem = NULL; delegation_type = tvb_get_ntohl(tvb, offset); - fitem = proto_tree_add_uint(tree, hf_nfs_open_delegation_type4, tvb, + fitem = proto_tree_add_uint(tree, hf_nfs_open_delegation_type4, tvb, offset+0, 4, delegation_type); offset += 4; @@ -6976,7 +6984,7 @@ dissect_nfs_argop4(tvbuff_t *tvb, int offset, packet_info *pinfo, if (opcode == NFS4_OP_ILLEGAL) newftree = proto_item_add_subtree(fitem, ett_nfs_illegal4); else - newftree = proto_item_add_subtree(fitem, + newftree = proto_item_add_subtree(fitem, *nfsv4_operation_ett[opcode - 3]); if (newftree == NULL) break; 
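Review bot: The comment added above `MAX_BITMAP_LEN` records an open question about the value but not what the limit is for or what unit it counts. Something like `/* Upper bound, in 32-bit words, on an NFSv4 attribute bitmap; keeps 4 + bitmap_len * 4 from wrapping on hostile input. */` would make the security purpose visible to whoever later tunes the number. Because the value is admittedly a guess, the comment should also say that a legitimate bitmap longer than 10 words will be reported as a bounds error.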
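Review bot: The new `bitmap_len > MAX_BITMAP_LEN` guard in `dissect_nfs_attributes` bounds the value only from above, so it is correct only if `bitmap_len` is unsigned; its declaration is outside the hunk. If it is a signed `int`, a wire value with the top bit set compares as negative, passes the guard and still reaches `4 + bitmap_len * 4`. The `%u` in the message suggests it is unsigned, but confirm it is `guint32`, or write the test as `if ((guint32) bitmap_len > MAX_BITMAP_LEN) {`. The guard also has to stay ahead of `tvb_ensure_bytes_exist`, since that call's length expression is what can wrap; a one-line comment saying so would keep a later reordering from undoing the fix.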
@@ -7327,7 +7335,7 @@ dissect_nfs_resop4(tvbuff_t *tvb, int offset, packet_info *pinfo, if (opcode == NFS4_OP_ILLEGAL) newftree = proto_item_add_subtree(fitem, ett_nfs_illegal4); else - newftree = proto_item_add_subtree(fitem, + newftree = proto_item_add_subtree(fitem, *nfsv4_operation_ett[opcode - 3]); if (newftree == NULL) @@ -7338,7 +7346,7 @@ dissect_nfs_resop4(tvbuff_t *tvb, int offset, packet_info *pinfo, /* * With the exception of NFS4_OP_LOCK, NFS4_OP_LOCKT, and * NFS4_OP_SETATTR, all other ops do *not* return data with the - * failed status code. + * failed status code. */ if ((status != NFS4_OK) && ((opcode != NFS4_OP_LOCK) && (opcode != NFS4_OP_LOCKT) && @@ -7567,7 +7575,7 @@ static const value_string nfsv3_proc_vals[] = { /* end of NFS Version 3 */ -/* the call to dissect_nfs3_null_call & dissect_nfs3_null_reply is +/* the call to dissect_nfs3_null_call & dissect_nfs3_null_reply is * intentional. The V4 NULLPROC is the same as V3. */ static const vsff nfs4_proc[] = { |