git.samba.org / obnox / wireshark / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4ebc225)
Add an expert info warning for integers encoded with too many octets.
authorstig <stig@f5534014-38df-0310-8fa8-9805f1628bb7>
Mon, 29 Aug 2011 10:01:36 +0000 (10:01 +0000)
committerstig <stig@f5534014-38df-0310-8fa8-9805f1628bb7>
Mon, 29 Aug 2011 10:01:36 +0000 (10:01 +0000)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38771 f5534014-38df-0310-8fa8-9805f1628bb7

epan/dissectors/packet-ber.c patch | blob | history

diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c
index 610dcaebdea19d6ac3fdcaa44e963257290fc6d4..acb1fe752c5ec277941a6a8dc932745a495b23a2 100644 (file)
--- a/epan/dissectors/packet-ber.c
+++ b/epan/dissectors/packet-ber.c
@@ -1548,6 +1548,7 @@ dissect_ber_integer64(gboolean implicit_tag, asn1_ctx_t *actx, proto_tree *tree,
        guint32 len;
        gint64 val;
        guint32 i;
+       gboolean used_too_many_bytes = FALSE;
 
 #ifdef DEBUG_BER
 {
@@ -1603,9 +1604,18 @@ printf("INTEGERnew dissect_ber_integer(%s) entered implicit_tag:%d \n",name,impl
        val=0;
        if(len > 0) {
                /* extend sign bit */
-               if(tvb_get_guint8(tvb, offset)&0x80){
+               guint8 first = tvb_get_guint8(tvb, offset);
+               if(first & 0x80){
                        val=-1;
                }
+               if(len > 1) {
+                       guint8 second = tvb_get_guint8(tvb, offset+1);
+                       if((first == 0x00 && (second & 0x80) == 0) ||
+                          (first == 0xff && (second & 0x80)))
+                       {
+                               used_too_many_bytes = TRUE;
+                       }
+               }
                for(i=0;i<len;i++){
                        val=(val<<8)|tvb_get_guint8(tvb, offset);
                        offset++;
@@ -1645,6 +1655,11 @@ printf("INTEGERnew dissect_ber_integer(%s) entered implicit_tag:%d \n",name,impl
                        default:
                                DISSECTOR_ASSERT_NOT_REACHED();
                        }
+
+                       if (used_too_many_bytes) {
+                               expert_add_info_format(actx->pinfo, actx->created_item, PI_PROTOCOL, PI_WARN, 
+                                                      "Value is encoded with too many bytes");
+                       }
                }
        }
 
git mirror of the wireshark svn