Fix up a bunch of arguments to "dissect_ber_identifier()" to match its
[obnox/wireshark/wip.git] / epan / dissectors / packet-ppp.c
index 66fb6c6129b8ebb790729d6110f18d575c5d6eee..e878bc2d63688ee5afffe7438e9b624f70d3f875 100644 (file)
@@ -245,7 +245,7 @@ const value_string ppp_vals[] = {
        {PPP_NTCITS_IPI,"NTCITS IPI" },
        {PPP_ML_SLCOMP, "single link compression in multilink" },
        {PPP_COMP,      "compressed packet" },
-       {PPP_STP_HELLO, "802.1d Hello Packet" },
+       {PPP_STP_HELLO, "802.1D Hello Packet" },
        {PPP_IBM_SR,    "IBM Source Routing BPDU" },
        {PPP_DEC_LB,    "DEC LANBridge100 Spanning Tree"},
        {PPP_CDP,       "Cisco Discovery Protocol" },
@@ -1521,11 +1521,11 @@ decode_fcs(tvbuff_t *tvb, proto_tree *fh_tree, int fcs_decode, int proto_offset)
       rx_fcs_got = tvb_get_letohs(tvb, rx_fcs_offset);
       if (rx_fcs_got != rx_fcs_exp) {
         proto_tree_add_text(fh_tree, tvb, rx_fcs_offset, 2,
-                            "FCS 16: 0x%04x (incorrect, should be 0x%04x)",
+                            "FCS 16: 0x%04x [incorrect, should be 0x%04x]",
                             rx_fcs_got, rx_fcs_exp);
       } else {
         proto_tree_add_text(fh_tree, tvb, rx_fcs_offset, 2,
-                            "FCS 16: 0x%04x (correct)",
+                            "FCS 16: 0x%04x [correct]",
                             rx_fcs_got);
       }
     }
@@ -1573,18 +1573,18 @@ decode_fcs(tvbuff_t *tvb, proto_tree *fh_tree, int fcs_decode, int proto_offset)
       rx_fcs_got = tvb_get_letohl(tvb, rx_fcs_offset);
       if (rx_fcs_got != rx_fcs_exp) {
         proto_tree_add_text(fh_tree, tvb, rx_fcs_offset, 4,
-                            "FCS 32: 0x%08x (incorrect, should be 0x%08x)",
+                            "FCS 32: 0x%08x [incorrect, should be 0x%08x]",
                             rx_fcs_got, rx_fcs_exp);
       } else {
         proto_tree_add_text(fh_tree, tvb, rx_fcs_offset, 4,
-                            "FCS 32: 0x%08x (correct)",
+                            "FCS 32: 0x%08x [correct]",
                             rx_fcs_got);
       }
     }
     break;
 
   default:
-   g_assert_not_reached();
+   DISSECTOR_ASSERT_NOT_REACHED();
    next_tvb = NULL;
   }
 
@@ -2395,11 +2395,16 @@ dissect_cbcp_callback_opt(const ip_tcp_opt *optp, tvbuff_t *tvb,
     offset++;
     length--;
     addr_len = tvb_strsize(tvb, offset);
+    if (addr_len > length) {
+      proto_tree_add_text(addr_tree, tvb, offset, length,
+                         "Address: (runs past end of option)");
+      break;
+    }
     proto_tree_add_text(addr_tree, tvb, offset, addr_len,
                        "Address: %s",
                        tvb_format_text(tvb, offset, addr_len - 1));
-    offset += (addr_len + 1);
-    length -= (addr_len + 1);
+    offset += addr_len;
+    length -= addr_len;
   }
 }
 
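Review bot: The switch from `addr_len + 1` to `addr_len` when advancing `offset` and `length` relies on `tvb_strsize()` already counting the terminating NUL, and nothing in the code says so. A short comment above the call, e.g. `/* tvb_strsize() includes the trailing NUL, so addr_len is the full on-wire size */`, would also explain the `addr_len - 1` passed to `tvb_format_text`. The new `addr_len > length` test compares against a `length` declared outside the hunk, so if the two differ in signedness the comparison needs a cast. The loop header is also outside the hunk.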
@@ -2460,27 +2465,39 @@ dissect_bap_phone_delta_opt(const ip_tcp_opt *optp, tvbuff_t *tvb,
     subopt_type = tvb_get_guint8(tvb, offset);
     subopt_len = tvb_get_guint8(tvb, offset + 1);
     ti = proto_tree_add_text(field_tree, tvb, offset, subopt_len,
-               "Sub-Option (%d byte%s)",
+               "Sub-Option (%u byte%s)",
                subopt_len, plurality(subopt_len, "", "s"));
     suboption_tree = proto_item_add_subtree(ti, ett_bap_phone_delta_subopt);
-    if (subopt_len < 1) {
-      proto_tree_add_text(suboption_tree, tvb, offset + 1, 1,
-         "Invalid suboption length: %u", subopt_len);
-      return;
-    }
 
     proto_tree_add_text(suboption_tree, tvb, offset, 1,
        "Sub-Option Type: %s (%u)",
        val_to_str(subopt_type, bap_phone_delta_subopt_vals, "Unknown"),
        subopt_type);
 
+    if (subopt_len < 2) {
+      proto_tree_add_text(suboption_tree, tvb, offset + 1, 1,
+         "Sub-Option Length: %u (invalid, must be >= 2)", subopt_len);
+      return;
+    }
+    if (subopt_len > length) {
+      proto_tree_add_text(suboption_tree, tvb, offset + 1, 1,
+         "Sub-Option Length: %u (invalid, must be <= length remaining in option %u)", subopt_len, length);
+      return;
+    }
+
     proto_tree_add_text(suboption_tree, tvb, offset + 1, 1,
        "Sub-Option Length: %u", subopt_len);
 
     switch (subopt_type) {
     case BAP_PHONE_DELTA_SUBOPT_UNIQ_DIGIT:
-      proto_tree_add_text(suboption_tree, tvb, offset + 2, 1, "Uniq Digit: %u",
-                         tvb_get_guint8(tvb, offset + 2));
+      if (subopt_len == 3) {
+        proto_tree_add_text(suboption_tree, tvb, offset + 2, 1, "Unique Digit: %u",
+                           tvb_get_guint8(tvb, offset + 2));
+      } else {
+        proto_tree_add_text(suboption_tree, tvb, offset + 1, 1,
+                         "Invalid suboption length: %u (must be == 3)",
+                         subopt_len);
+      }
       break;
     case BAP_PHONE_DELTA_SUBOPT_SUBSC_NUM:
       if (subopt_len > 2) {
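Review bot: The sub-option item is still created with the unvalidated `subopt_len` (`proto_tree_add_text(field_tree, tvb, offset, subopt_len, ...)`) before the new `subopt_len < 2` and `subopt_len > length` checks run. If the length byte points past the captured data, that call is likely to raise a bounds exception first, so the "must be <= length remaining" diagnostic is never shown. A length of 0 or 1 also yields an item that does not cover its own length byte. Consider validating first, or adding the item with length 2 and calling `proto_item_set_len(ti, subopt_len)` once the checks pass. The second check prints `length` with `%u`; its declaration is outside the hunk, so confirm it is unsigned.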
@@ -2489,7 +2506,8 @@ dissect_bap_phone_delta_opt(const ip_tcp_opt *optp, tvbuff_t *tvb,
                          tvb_format_text(tvb, offset + 2, subopt_len - 2));
       } else {
         proto_tree_add_text(suboption_tree, tvb, offset + 1, 1,
-                         "Invalid suboption length: %u", subopt_len);
+                         "Invalid suboption length: %u (must be > 2)",
+                         subopt_len);
       }
       break;
     case BAP_PHONE_DELTA_SUBOPT_PHONENUM_SUBADDR:
@@ -2499,7 +2517,8 @@ dissect_bap_phone_delta_opt(const ip_tcp_opt *optp, tvbuff_t *tvb,
                          tvb_format_text(tvb, offset + 2, subopt_len - 2));
       } else {
         proto_tree_add_text(suboption_tree, tvb, offset + 1, 1,
-                         "Invalid suboption length: %u", subopt_len);
+                         "Invalid suboption length: %u (must be > 2)",
+                         subopt_len);
       }
       break;
     default:
@@ -2508,7 +2527,8 @@ dissect_bap_phone_delta_opt(const ip_tcp_opt *optp, tvbuff_t *tvb,
                          "Unknown");
       } else {
         proto_tree_add_text(suboption_tree, tvb, offset + 1, 1,
-                         "Invalid suboption length: %u", subopt_len);
+                         "Invalid suboption length: %u (must be > 2)",
+                         subopt_len);
       }
       break;
     }
@@ -2621,7 +2641,6 @@ dissect_cp( tvbuff_t *tvb, int proto_id, int proto_subtree_index,
     case ECHOREQ:
     case ECHOREP:
     case DISCREQ:
-    case IDENT:
       if(tree) {
        proto_tree_add_text(fh_tree, tvb, offset, 4, "Magic number: 0x%08x",
                        tvb_get_ntohl(tvb, offset));
@@ -2633,6 +2652,18 @@ dissect_cp( tvbuff_t *tvb, int proto_id, int proto_subtree_index,
       }
       break;
 
+    case IDENT:
+      if(tree) {
+       proto_tree_add_text(fh_tree, tvb, offset, 4, "Magic number: 0x%08x",
+                       tvb_get_ntohl(tvb, offset));
+       offset += 4;
+       length -= 4;
+       if (length > 0)
+          proto_tree_add_text(fh_tree, tvb, offset, length, "Message: %s",
+                               tvb_format_text(tvb, offset, length));
+      }
+      break;
+
     case TIMEREMAIN:
       if(tree) {
        proto_tree_add_text(fh_tree, tvb, offset, 4, "Magic number: 0x%08x",
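Review bot: The new `IDENT` case labels four bytes as the magic number and then does `length -= 4` without first checking that `length` is at least 4. The tvbuff accessors still bound the read to the captured data, but with a short declared length the item covers bytes outside the packet's own length field. If `length` were unsigned, the subtraction would also wrap and the `length > 0` test would pass. Guarding the block with `if (length >= 4)`, or reporting a short packet, would make the assumption explicit. `length` is declared outside the hunk, and the neighbouring cases follow the same pattern.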
@@ -2992,6 +3023,7 @@ dissect_pppmux(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
       length_remaining -= hdr_length;
       length -= pid_field;
 
+      tvb_ensure_bytes_exist (tvb,offset,length);
       sub_ti = proto_tree_add_text(sub_tree,tvb,offset,length,"Information Field");
       info_tree = proto_item_add_subtree(sub_ti,ett_pppmux_subframe_info);
 
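Review bot: The added `tvb_ensure_bytes_exist (tvb,offset,length);` has no comment saying why it is needed when `proto_tree_add_text` on the next line is given the same offset and length. Presumably it is there so that a sub-frame length running past the captured data is rejected even when no tree is being built; a comment such as `/* stop here if the sub-frame length exceeds the data we have, even when tree is NULL */` would record that. `length` has just had `pid_field` subtracted, so confirm that a negative result is also rejected by this call. Both values are computed outside the hunk.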
@@ -3508,9 +3540,8 @@ dissect_chap( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ) {
   proto_tree *value_tree;
 
   guint8 code, id, value_size;
-  guint16 length;
+  gint32 length;
   int offset;
-  int name_length;
 
   code = tvb_get_guint8(tvb, 0);
   id = tvb_get_guint8(tvb, 1);
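Review bot: `length` becomes a signed `gint32` here, while the later hunks of this commit switch every format that prints it to `%u` ("Length: %u", "Name (%u byte%s)", "Data (%u byte%s)", "Message: %u byte%s", "Stuff (%u byte%s)"). The specifier and the type now disagree, and the value is non-negative at those points only because of the new range checks. Either keep `%d` for `length` or cast at the call, e.g. `(guint32)length`. A one-line comment on the declaration, such as `/* signed so that subtracting header and value sizes can be tested against 0 */`, would record why the type changed; that rationale is inferred from the later hunks, so confirm it.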
@@ -3530,6 +3561,15 @@ dissect_chap( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ) {
       val_to_str(code, chap_vals, "Unknown"), code);
     proto_tree_add_text(fh_tree, tvb, 1, 1, "Identifier: 0x%02x",
                        id);
+  }
+  if(length < 4) {
+    if(tree) {
+      proto_tree_add_text(fh_tree, tvb, 2, 2, "Length: %u (invalid, must be >= 4)",
+                         length);
+      return;
+    }
+  }
+  if(tree) {
     proto_tree_add_text(fh_tree, tvb, 2, 2, "Length: %u",
                        length);
   }
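Review bot: The `return` for `length < 4` sits inside the inner `if(tree)`, so when `tree` is NULL the function carries on with a length it has just judged invalid. Most of the remaining body is outside the hunk, but the `default:` case later in the function tests `length > 0` and adds an item without a tree check, so the bad value is not confined to tree-only code. Move the `return;` out one level so it executes regardless of `tree`: `if(length < 4) { if(tree) proto_tree_add_text(...); return; }`.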
@@ -3546,23 +3586,30 @@ dissect_chap( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ) {
                                   plurality(length, "", "s"));
           field_tree = proto_item_add_subtree(tf, ett_chap_data);
          value_size = tvb_get_guint8(tvb, offset);
-         name_length = length - value_size - 1;
+         length--;
+         if (value_size > length) {
+           proto_tree_add_text(field_tree, tvb, offset, 1,
+                               "Value Size: %d byte%s (invalid, must be <= %u)",
+                               value_size, plurality(value_size, "", "s"),
+                               length);
+           return;
+         }
          tv = proto_tree_add_text(field_tree, tvb, offset, 1,
-                                  "Value Size: %d byte%s",
-                                  value_size, plurality(value_size, "", "s"));
-         if (--length > 0) {
+                                 "Value Size: %u byte%s",
+                                 value_size, plurality(value_size, "", "s"));
+         offset++;
+         if (length > 0) {
            value_tree = proto_item_add_subtree(tv, ett_chap_value);
-           proto_tree_add_text(value_tree, tvb, ++offset,
-                               ppp_min(value_size, length),
-                               "Value (%d byte%s)",
+           proto_tree_add_text(value_tree, tvb, offset, value_size,
+                               "Value (%u byte%s)",
                                value_size, plurality(value_size, "", "s"));
            offset+=value_size;
            length-=value_size;
            if (length > 0) {
-             proto_tree_add_text(field_tree, tvb, offset,
-                                 ppp_min(name_length, length),
-                                 "Name (%d byte%s)", name_length,
-                                 plurality(name_length, "", "s"));
+                 tvb_ensure_bytes_exist(tvb, offset, length);
+             proto_tree_add_text(field_tree, tvb, offset, length,
+                                 "Name (%u byte%s)", length,
+                                 plurality(length, "", "s"));
            }
          }
         }
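Review bot: The invalid-size message still formats `value_size` with `%d` ("Value Size: %d byte%s (invalid, must be <= %u)") while the valid path was changed to `%u`; use the same specifier in both. The added `tvb_ensure_bytes_exist(tvb, offset, length);` line is also indented deeper than the `proto_tree_add_text` call it precedes and should be aligned with it. The `return` on the invalid-size path appears to sit inside an `if(tree)` block whose start is outside the hunk, so it presumably only takes effect when a tree is being built; confirm that is intended.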
@@ -3574,18 +3621,18 @@ dissect_chap( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ) {
       if(tree) {
         if (length > 0) {
           tf = proto_tree_add_text(fh_tree, tvb, offset, length,
-                                  "Data (%d byte%s)", length,
+                                  "Data (%u byte%s)", length,
                                   plurality(length, "", "s"));
           field_tree = proto_item_add_subtree(tf, ett_chap_data);
          tv = proto_tree_add_text(field_tree, tvb, offset, length,
-                                  "Message: %d byte%s",
+                                  "Message: %u byte%s",
                                   length, plurality(length, "", "s"));
        }
       }
       break;
     default:
       if (length > 0)
-        proto_tree_add_text(fh_tree, tvb, offset, length, "Stuff (%d byte%s)",
+        proto_tree_add_text(fh_tree, tvb, offset, length, "Stuff (%u byte%s)",
                                length, plurality(length, "", "s"));
       break;
   }