Ethereal-dev: [ethereal-dev] Re: [ethereal-users] ethereal hangs (bug #68024 reported to Debia
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Fri, 4 Aug 2000 00:37:10 -0700
On Thu, Aug 03, 2000 at 09:23:26PM -0700, Guy Harris wrote: > There are some problems in the SRVLOC dissector. I shall work on a fix > for them, and send a patch out. This fixes the hang, and clears up a number of problems with the SRVLOC dissector; I'll be checking it in.
Index: packet-srvloc.c =================================================================== RCS file: /usr/local/cvsroot/ethereal/packet-srvloc.c,v retrieving revision 1.9 diff -c -r1.9 packet-srvloc.c *** packet-srvloc.c 2000/05/31 05:07:48 1.9 --- packet-srvloc.c 2000/08/04 07:35:48 *************** *** 147,153 **** { AUTH_FAILED, "Authentication failed" }, }; ! void dissect_authblk(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { struct tm *stamp; --- 147,153 ---- { AUTH_FAILED, "Authentication failed" }, }; ! static int dissect_authblk(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { struct tm *stamp; *************** *** 172,177 **** --- 172,178 ---- proto_tree_add_text(tree, NullTVB, offset, length, "Authentication block: %s", format_text(&pd[offset], length)); offset += length; + return offset; }; /* Packet dissection routine called by tcp & udp when port 427 detected */ *************** *** 182,189 **** proto_item *ti, *tf; proto_tree *srvloc_tree, *srvloc_flags; struct srvloc_hdr srvloc_hdr; ! int count; ! int length; if (check_col(fd, COL_PROTOCOL)) col_add_str(fd, COL_PROTOCOL, "SRVLOC"); --- 183,190 ---- proto_item *ti, *tf; proto_tree *srvloc_tree, *srvloc_flags; struct srvloc_hdr srvloc_hdr; ! guint32 count; ! guint32 length; if (check_col(fd, COL_PROTOCOL)) col_add_str(fd, COL_PROTOCOL, "SRVLOC"); *************** *** 223,387 **** switch (srvloc_hdr.function) { case SRVREQ: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Request"); length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length)); offset += length; length = pntohs(&pd[offset]); ! 
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Predicate length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Predicate: %s", format_text(&pd[offset], length)); offset += length; break; case SRVRPLY: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Reply"); ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);; ! offset += 2; ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL Count: %d", pntohs(&pd[offset])); ! offset += 2; ! for (count = pntohs(&pd[offset]) + 1; count > 0; count--, offset++) { proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL lifetime: %d", pntohs(&pd[offset])); offset += 2; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) ! dissect_authblk(pd, offset, fd, srvloc_tree); }; break; case SRVREG: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Registration"); proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL lifetime: %d", pntohs(&pd[offset])); offset += 2; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) ! dissect_authblk(pd, offset, fd, srvloc_tree); length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) ! 
dissect_authblk(pd, offset, fd, srvloc_tree); break; case SRVDEREG: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Deregister"); length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) ! dissect_authblk(pd, offset, fd, srvloc_tree); length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) ! dissect_authblk(pd, offset, fd, srvloc_tree); break; case SRVACK: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Acknowledge"); ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);; offset += 2; break; case ATTRRQST: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Attribute Request"); length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length)); offset += length; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length)); offset += length; length = pntohs(&pd[offset]); ! 
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length)); offset += length; break; case ATTRRPLY: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Attribute Reply"); ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);; offset += 2; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) ! dissect_authblk(pd, offset, fd, srvloc_tree); break; case DAADVERT: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "DA Advertisement"); ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);; offset += 2; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length)); offset += length; break; case SRVTYPERQST: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Type Request"); length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length)); offset += length; length = pntohs(&pd[offset]); ! 
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Naming Authority List length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Naming Authority List: %s", format_text(&pd[offset], length)); offset += length; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length)); offset += length; break; case SRVTYPERPLY: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Type Reply"); ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]);; ! offset += 2; ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Service Type Count: %d", pntohs(&pd[offset])); ! offset += 2; ! for (count = pntohs(&pd[offset]) + 1; count > 0; count--, offset++) { length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Service Type List length: %d", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service Type List: %s", format_text(&pd[offset], length)); offset += length; }; break; --- 224,482 ---- switch (srvloc_hdr.function) { case SRVREQ: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Request"); + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length)); offset += length; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! 
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Predicate length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Predicate: %s", format_text(&pd[offset], length)); offset += length; break; case SRVRPLY: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Reply"); ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]); ! offset += 2; ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; ! count = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL Count: %u", count); ! offset += 2; ! while (count > 0) { ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL lifetime: %d", pntohs(&pd[offset])); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) ! offset = dissect_authblk(pd, offset, fd, srvloc_tree); ! count--; }; break; case SRVREG: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Registration"); + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL lifetime: %d", pntohs(&pd[offset])); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) ! 
offset = dissect_authblk(pd, offset, fd, srvloc_tree); ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) ! offset = dissect_authblk(pd, offset, fd, srvloc_tree); break; case SRVDEREG: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Deregister"); + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length); offset += 2; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; offset += length; if ( (srvloc_hdr.flags & FLAG_U) == FLAG_U ) ! offset = dissect_authblk(pd, offset, fd, srvloc_tree); ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) ! offset = dissect_authblk(pd, offset, fd, srvloc_tree); break; case SRVACK: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Acknowledge"); ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]); offset += 2; break; case ATTRRQST: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Attribute Request"); + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! 
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length)); offset += length; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length)); offset += length; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length)); offset += length; break; case ATTRRPLY: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Attribute Reply"); ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! 
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Attribute List length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Attribute List: %s", format_text(&pd[offset], length)); offset += length; if ( (srvloc_hdr.flags & FLAG_A) == FLAG_A ) ! offset = dissect_authblk(pd, offset, fd, srvloc_tree); break; case DAADVERT: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "DA Advertisement"); ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "URL length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service URL: %s", format_text(&pd[offset], length)); offset += length; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length)); offset += length; break; case SRVTYPERQST: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Type Request"); + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Previous Response List Length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Previous Response List: %s", format_text(&pd[offset], length)); offset += length; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! 
proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Naming Authority List length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Naming Authority List: %s", format_text(&pd[offset], length)); offset += length; + if (!BYTES_ARE_IN_FRAME(offset, 2)) + break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Scope List Length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Scope Response List: %s", format_text(&pd[offset], length)); offset += length; break; case SRVTYPERPLY: proto_tree_add_text(srvloc_tree, NullTVB, offset, 0, "Service Type Reply"); ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; ! proto_tree_add_uint(srvloc_tree, hf_srvloc_error, NullTVB, offset, 2, pd[offset]); ! offset += 2; ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; ! count = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Service Type Count: %u", count); ! offset += 2; ! while (count > 0) { ! if (!BYTES_ARE_IN_FRAME(offset, 2)) ! break; length = pntohs(&pd[offset]); ! proto_tree_add_text(srvloc_tree, NullTVB, offset, 2, "Service Type List length: %u", length); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, length)) + break; proto_tree_add_text(srvloc_tree, NullTVB, offset, length, "Service Type List: %s", format_text(&pd[offset], length)); offset += length; + count--; }; break;
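Review bot: In the new SRVDEREG case the added `if (!BYTES_ARE_IN_FRAME(offset, length)) break;` for the Service URL sits after the `proto_tree_add_text(..., format_text(&pd[offset], length))` call, so a URL length larger than the remaining captured data is still read before the check fires; every other case in this hunk tests first. Move the two added lines above that call, so the order is `if (!BYTES_ARE_IN_FRAME(offset, length)) break;`, then the `proto_tree_add_text` line, then `offset += length;`. Separately, the error-code items in SRVRPLY, SRVACK, ATTRRPLY, DAADVERT and SRVTYPERPLY are added with a width of 2 but the value `pd[offset]`, which is only the first byte; if the field is a 16-bit code, as the width suggests, `pntohs(&pd[offset])` would match the other 2-byte reads. The tail of `dissect_authblk` visible in the earlier hunk shows no frame check before its own `format_text(&pd[offset], length)` call, so the offsets it now returns may need the same guard inside that function; its body starts outside the patch context, so this should be confirmed against the full file.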