Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6817 :

Make the IPP dissector a 'new-style' dissector that does not accept packets
which are clearly not IPP.

This is useful when a user points their web browser at a CUPS server--which
causes the CUPS server to spit out a nice looking web page from which you can
administer the server and/or printers but which up until this fix caused the
IPP dissector to mark the packet as malformed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@41018 f5534014-38df-0310-8fa8-9805f1628bb7

diff --git a/epan/dissectors/packet-ipp.c b/epan/dissectors/packet-ipp.c
index c649e96e512057938e19d0ffc007fa1aa304ca29..5ac43580e077b61f5c703ee86c0d433b5aaf3dd1 100644 (file)
--- a/epan/dissectors/packet-ipp.c
+++ b/epan/dissectors/packet-ipp.c
@@ -179,7 +179,7 @@ static void add_charstring_value(const gchar *tag_desc, proto_tree *tree,
 static int add_value_head(const gchar *tag_desc, proto_tree *tree,
     tvbuff_t *tvb, int offset, int name_length, int value_length, char **name_val);
 
-static void
+static int
 dissect_ipp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
        proto_tree *ipp_tree;
@@ -190,6 +190,24 @@ dissect_ipp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
        guint16 status_code;
        const gchar *status_fmt;
 
+       /* First, do some heuristics to determine if this is an IPP packet */
+
+       /* Is there enough data to tell if this is IPP? */
+       if (tvb_length(tvb) < 8)
+               return 0;
+
+       /* Is the major version reasonable? */
+       if (tvb_get_guint8(tvb, 0) > 2)
+               return 0; /* Not IPP (at least not yet) */
+
+       if (is_request) {
+               if (!match_strval(tvb_get_ntohs(tvb, 2), operation_vals))
+                       return 0; /* Not IPP */
+       } else {
+               if ((tvb_get_ntohs(tvb, 2) & STATUS_TYPE_MASK) > STATUS_SERVER_ERROR)
+                       return 0; /* Not IPP */
+       }
+
        col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPP");
        if (check_col(pinfo->cinfo, COL_INFO)) {
                if (is_request)
@@ -257,6 +275,8 @@ dissect_ipp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
                            ipp_tree);
                }
        }
+
+       return(tvb_length(tvb));
 }
 
 #define        TAG_TYPE(tag)           ((tag) & 0xF0)
@@ -709,7 +729,7 @@ proto_reg_handoff_ipp(void)
        /*
         * Register ourselves as running atop HTTP and using port 631.
         */
-       ipp_handle = create_dissector_handle(dissect_ipp, proto_ipp);
+       ipp_handle = new_create_dissector_handle(dissect_ipp, proto_ipp);
        http_dissector_add(631, ipp_handle);
        dissector_add_string("media_type", "application/ipp", ipp_handle);
         data_handle = find_dissector("data");