X-Git-Url: http://git.samba.org/?p=metze%2Fwireshark%2Fwip.git;a=blobdiff_plain;f=epan%2Fdissectors%2Fpacket-ismp.c;h=4b91b26ef8d66f9ed19b97570913b099902893cf;hp=4e1527c7eea7deb761474c8548a9e4422ba1bfa3;hb=c768cf550384a846204e65520c5d1f0ada908cb0;hpb=443a7ed259f40ba5cfcc7d9c1e0fe5d7fee0d18c
diff --git a/epan/dissectors/packet-ismp.c b/epan/dissectors/packet-ismp.c
index 4e1527c7ee..4b91b26ef8 100644
--- a/epan/dissectors/packet-ismp.c
+++ b/epan/dissectors/packet-ismp.c
@@ -7,19 +7,7 @@
 * By Gerald Combs
 * Copyright 1998 Gerald Combs
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * SPDX-License-Identifier: GPL-2.0-or-later
 */
 #include "config.h"
@@ -219,17 +207,20 @@ static const value_string edp_tuple_types[] = static gchar* ipx_addr_to_str(const guint32 net, const guint8 *ad) { - gchar *buf; - char *name; + gchar *buf; + const gchar *name; name = get_ether_name_if_known(ad); if (name) { - buf = wmem_strdup_printf(wmem_packet_scope(), "%s.%s", get_ipxnet_name(wmem_packet_scope(), net), name); + buf = wmem_strdup_printf(wmem_packet_scope(), "%s.%s", + get_ipxnet_name(wmem_packet_scope(), net), + name); } else { - buf = wmem_strdup_printf(wmem_packet_scope(), "%s.%s", get_ipxnet_name(wmem_packet_scope(), net), - bytestring_to_str(wmem_packet_scope(), ad, 6, '\0')); + buf = wmem_strdup_printf(wmem_packet_scope(), "%s.%s", + get_ipxnet_name(wmem_packet_scope(), net), + bytestring_to_str(wmem_packet_scope(), ad, 6, '\0')); } return buf; } @@ -245,10 +236,11 @@ dissect_ismp_edp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *ismp guint16 num_neighbors = 0; guint16 num_tuples = 0; guint16 tuple_type = 0; - guint16 tuple_length = 0; + guint32 tuple_length = 0; + gchar* ipx_addr_str; /* Set up structures needed to add the protocol subtree and manage it */ - proto_item *edp_ti, *ti; + proto_item *edp_ti; proto_tree *edp_tree; proto_item *edp_neighbors_ti; @@ -261,7 +253,7 @@ dissect_ismp_edp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *ismp proto_tree *edp_tuples_leaf_tree; - /* add column iformation marking this as EDP (Enterasys Discover Protocol */ + /* add column information marking this as EDP (Enterasys Discover Protocol */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISMP.EDP"); col_clear(pinfo->cinfo, COL_INFO); 
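Review bot: `ipx_addr_to_str` in the first hunk on this line has an undocumented precondition: `ad` must point to at least 6 readable bytes, because the fallback branch calls `bytestring_to_str(wmem_packet_scope(), ad, 6, '\0')` with a hard-coded length, and `get_ether_name_if_known(ad)` presumably also treats it as a 6-byte address. Since the pointer comes from packet data, it is worth stating the contract above the function, for example `/* ad must point to a 6-byte node address; the caller validates the length. The result is packet-scoped. */`. The two declaration and comment hunks that follow on this line need no change.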
@@ -437,23 +429,27 @@ dissect_ismp_edp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *ismp while ( (tuples_count < num_tuples) && (tvb_reported_length_remaining(tvb, offset) >= 4) ) { - tuple_length = tvb_get_ntohs(tvb, offset+2); - edp_tuples_leaf_tree = proto_tree_add_subtree_format(edp_tuples_tree, tvb, offset, tuple_length, + edp_tuples_leaf_tree = proto_tree_add_subtree_format(edp_tuples_tree, tvb, offset, 4, ett_ismp_edp_tuples_leaf, NULL, "Tuple%d", tuples_count+1); tuple_type = tvb_get_ntohs(tvb, offset); proto_tree_add_item(edp_tuples_leaf_tree, hf_ismp_tuple_type, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; - proto_tree_add_item(edp_tuples_leaf_tree, hf_ismp_tuple_length, tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item_ret_uint(edp_tuples_leaf_tree, hf_ismp_tuple_length, tvb, offset, 2, ENC_BIG_ENDIAN, &tuple_length); + if (tuple_length < 4) { + proto_tree_add_expert(edp_tree, pinfo, &ei_ismp_malformed, tvb, offset, 2); + return; + } offset += 2; + proto_item_set_len(edp_tuples_leaf_tree, tuple_length); + tuple_length -= 4; - if (tvb_reported_length_remaining(tvb, offset) >= tuple_length) + if ((guint)tvb_reported_length_remaining(tvb, offset) >= tuple_length) { switch (tuple_type) { case EDP_TUPLE_HOLD: - ti = proto_tree_add_item(edp_tuples_leaf_tree, hf_ismp_hold_time, tvb, offset, hf_ismp_hold_time, ENC_BIG_ENDIAN); - proto_item_set_len(ti, tuple_length); + proto_tree_add_item(edp_tuples_leaf_tree, hf_ismp_hold_time, tvb, offset, tuple_length, ENC_BIG_ENDIAN); break; case EDP_TUPLE_INT_NAME: proto_tree_add_item(edp_tuples_leaf_tree, hf_ismp_interface_name, tvb, offset, tuple_length, ENC_NA|ENC_ASCII); 
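Review bot: In the `EDP_TUPLE_HOLD` case the packet-supplied `tuple_length` is now passed directly to `proto_tree_add_item` as the length of `hf_ismp_hold_time`, with no check that it matches that field's width. The field's type is not visible in this hunk, but if it is a fixed-width integer, a tuple advertising any other payload size (including the empty payload left when the on-wire length is exactly 4) would probably surface as a dissector error rather than the `ei_ismp_malformed` expert item this commit introduces. A guard in the style of the IPX case would keep the handling uniform, along the lines of `if (tuple_length != EXPECTED_HOLD_LEN) { ... ei_ismp_malformed ...; return; }`, where `EXPECTED_HOLD_LEN` is a placeholder for the real field width. Separately, the `(guint)` cast on `tvb_reported_length_remaining` is only safe if that function never returns a negative value for this `offset`; a one-line comment saying so would help. The `switch` and the enclosing `while` loop continue past the end of this hunk.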
@@ -464,9 +460,12 @@ dissect_ismp_edp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *ismp proto_tree_add_item(edp_tuples_leaf_tree, hf_ismp_system_description, tvb, offset, tuple_length, ENC_NA|ENC_ASCII); break; case EDP_TUPLE_IPX_ADDR: - proto_tree_add_string(edp_tuples_leaf_tree, hf_ismp_interface_ipx_address ,tvb, offset, tuple_length, - ipx_addr_to_str(tvb_get_ntohl(tvb, offset), - tvb_get_string_enc(wmem_packet_scope(), tvb, offset+4, tuple_length-4, ENC_ASCII))); + if (tuple_length != 4+6) { + proto_tree_add_expert(edp_tree, pinfo, &ei_ismp_malformed, tvb, offset, tuple_length); + return; + } + ipx_addr_str = ipx_addr_to_str(tvb_get_ntohl(tvb, offset), tvb_get_ptr(tvb, offset+4, tuple_length-4)); + proto_tree_add_string(edp_tuples_leaf_tree, hf_ismp_interface_ipx_address ,tvb, offset, tuple_length, ipx_addr_str); break; case EDP_TUPLE_UNKNOWN: default:
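Review bot: The guard `tuple_length != 4+6` in the `EDP_TUPLE_IPX_ADDR` case is correct only because `tuple_length` already had the 4-byte tuple header subtracted earlier in the loop, so the `4` here is the IPX network number and not the header; that is easy to misread. A short comment such as `/* payload only: 4-byte IPX network + 6-byte node address */` would make it clear. Since the length is pinned by the guard, passing a literal `6` to `tvb_get_ptr` instead of `tuple_length-4` would show at the call site that the pointer covers exactly the 6 bytes `ipx_addr_to_str` reads. The `return` also stops dissection of every later tuple after the first malformed one; whether that is intended, rather than skipping to the next tuple, cannot be told from the hunk. The `switch` continues outside the hunk.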