diff options
authorJaap Keuter <jaap.keuter@xs4all.nl>2020-03-22 14:10:27 +0100
committerAnders Broman <a.broman58@gmail.com>2020-03-22 14:52:23 +0000
commitf998e785d5ead49c57ef282765519d4ae75e056e (patch)
parent428735ce9ea17e80b5afce108163a87bc9651e41 (diff)
RTCP: contain BYE packet dissection to its stated length
The Goodbye RTCP packet dissection has to derive whether the optional "Reason for leaving" string is present or not. This has to be derived from the length. When put into a compound RTCP packet, the length derivation from the TVB length does not work, because another RTCP packet may follow in this compound RTCP packet. With this change the stated length of this RTCP packet is passed to the RTCP BYE packet dissection function in order to make a proper length determination and not overrun into the next RTCP packet in the compound RTCP packet. Bug: 16434 Change-Id: Iab0fdd52c745028a9928bbef6c731ff649213277 Reviewed-on: https://code.wireshark.org/review/36532 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
1 files changed, 3 insertions, 3 deletions
diff --git a/epan/dissectors/packet-rtcp.c b/epan/dissectors/packet-rtcp.c
index 6d07153f1e..b059fbaf2a 100644
--- a/epan/dissectors/packet-rtcp.c
+++ b/epan/dissectors/packet-rtcp.c
@@ -2825,7 +2825,7 @@ dissect_rtcp_app( tvbuff_t *tvb,packet_info *pinfo, int offset, proto_tree *tree
static int
dissect_rtcp_bye( tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree,
- unsigned int count )
+ unsigned int count, unsigned int packet_length )
unsigned int chunk;
unsigned int reason_length = 0;
@@ -2839,7 +2839,7 @@ dissect_rtcp_bye( tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tre
- if ( tvb_reported_length_remaining( tvb, offset ) > 0 ) {
+ if (count * 4 < packet_length) {
/* Bye reason consists of an 8 bit length l and a string with length l */
reason_length = tvb_get_guint8( tvb, offset );
proto_tree_add_item( tree, hf_rtcp_sdes_length, tvb, offset, 1, ENC_BIG_ENDIAN );
@@ -4279,7 +4279,7 @@ dissect_rtcp( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U
/* Packet length in 32 bit words MINUS one, 16 bits */
offset = dissect_rtcp_length_field(rtcp_tree, tvb, offset);
- offset = dissect_rtcp_bye( tvb, pinfo, offset, rtcp_tree, elem_count );
+ offset = dissect_rtcp_bye( tvb, pinfo, offset, rtcp_tree, elem_count, packet_length-4 );
case RTCP_APP: {
/* Subtype, 5 bits */