aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Mann <mmann78@netscape.net>2016-07-09 09:05:12 -0400
committerMichael Mann <mmann78@netscape.net>2016-07-09 14:17:34 +0000
commita9d5256890c9189c7461bfce6ed6edce5d861499 (patch)
treeac8fc3f2f09dd89745cf320872d8c53dd82f426b
parent8e1cc70fd57e958ef5f062f1a6367d85ebc9fed1 (diff)
packet-wsp.c: Fix infinite loop in add_headers
Bug: 12594 Change-Id: Id86d1e5f2db12871bc1b345721e79e57192f01e1 Reviewed-on: https://code.wireshark.org/review/16355 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
-rw-r--r--epan/dissectors/packet-wsp.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/epan/dissectors/packet-wsp.c b/epan/dissectors/packet-wsp.c
index 32f6171..2b2b189 100644
--- a/epan/dissectors/packet-wsp.c
+++ b/epan/dissectors/packet-wsp.c
@@ -379,6 +379,7 @@ static expert_field ei_wsp_invalid_parameter_value = EI_INIT;
static expert_field ei_wsp_undecoded_parameter = EI_INIT;
static expert_field ei_hdr_x_wap_tod = EI_INIT;
static expert_field ei_wsp_trailing_quote = EI_INIT;
+static expert_field ei_wsp_header_invalid = EI_INIT;
/* Handle for WSP-over-UDP dissector */
@@ -4378,6 +4379,7 @@ add_headers (proto_tree *tree, tvbuff_t *tvb, int hf, packet_info *pinfo)
guint8 hdr_id, val_id, codepage = 1;
gint32 tvb_len = tvb_reported_length(tvb);
gint32 offset = 0;
+ gint32 save_offset;
gint32 hdr_len, hdr_start;
gint32 val_len, val_start;
gchar *hdr_str, *val_str;
@@ -4401,13 +4403,25 @@ add_headers (proto_tree *tree, tvbuff_t *tvb, int hf, packet_info *pinfo)
hdr_len = 1;
/* Call header value dissector for given header */
if (codepage == 1) { /* Default header code page */
+ save_offset = offset;
offset = WellKnownHeader[hdr_id & 0x7F](wsp_headers, tvb,
hdr_start, pinfo);
+ /* Make sure we're progressing forward */
+ if (save_offset <= offset) {
+ expert_add_info(pinfo, ti, &ei_wsp_header_invalid);
+ break;
+ }
} else { /* Openwave header code page */
/* Here I'm delibarately assuming that Openwave is the only
* company that defines a WSP header code page. */
+ save_offset = offset;
offset = WellKnownOpenwaveHeader[hdr_id & 0x7F](wsp_headers,
tvb, hdr_start, pinfo);
+ /* Make sure we're progressing forward */
+ if (save_offset <= offset) {
+ expert_add_info(pinfo, ti, &ei_wsp_header_invalid);
+ break;
+ }
}
} else if (hdr_id == 0x7F) { /* HCP shift sequence */
codepage = tvb_get_guint8(tvb, offset+1);
@@ -7142,6 +7156,7 @@ proto_register_wsp(void)
{ &ei_hdr_x_wap_tod, { "wsp.header.x_wap_tod.not_text", PI_PROTOCOL, PI_WARN, "Should be encoded as a textual value", EXPFILL }},
{ &ei_wsp_undecoded_parameter, { "wsp.undecoded_parameter", PI_UNDECODED, PI_WARN, "Invalid parameter value", EXPFILL }},
{ &ei_wsp_trailing_quote, { "wsp.trailing_quote", PI_PROTOCOL, PI_WARN, "Quoted-string value has been encoded with a trailing quote", EXPFILL }},
+ { &ei_wsp_header_invalid, { "wsp.header_invalid", PI_MALFORMED, PI_ERROR, "Malformed header", EXPFILL }},
};
expert_module_t* expert_wsp;