diff options
| author | Guy Harris <guy@alum.mit.edu> | 2003-03-05 07:17:50 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2003-03-05 07:17:50 +0000 |
| commit | 05c41a279fb9e2df3ded86aece0470c1b1aad887 (patch) | |
| tree | e20f09b7846e741997fb1b8469d5321879f09516 | |
| parent | 72a00f19ca8b8d7f15a01a74916677afa42c8dfa (diff) | |
| download | wireshark-05c41a279fb9e2df3ded86aece0470c1b1aad887.tar.gz wireshark-05c41a279fb9e2df3ded86aece0470c1b1aad887.tar.bz2 wireshark-05c41a279fb9e2df3ded86aece0470c1b1aad887.zip | |
Use the reported length, not the captured length, as the fragment length
when doing reassembly.
In some additional places, use "tvb_bytes_exist()" to check whether we
have enough data to do reassembly, rather than checking to see if the
frame is short (it might be short but we might still have enough data to
do reassembly).
In DCE RPC, use the fragment length from the header as the number of
bytes of fragment data.
There's no need to check "pinfo->fragmented" before doing reassembly in
the DCERPC-over-SMB-pipes code - either we have all the data or we
don't.
In SNA and WTP reassembly, add a check to make sure we have all the data
to be reassembled.
svn path=/trunk/; revision=7282
| -rw-r--r-- | packet-atalk.c | 4 | ||||
| -rw-r--r-- | packet-dcerpc.c | 111 | ||||
| -rw-r--r-- | packet-smb-pipe.c | 16 | ||||
| -rw-r--r-- | packet-sna.c | 60 | ||||
| -rw-r--r-- | packet-tcp.c | 8 | ||||
| -rw-r--r-- | packet-wtp.c | 19 |
6 files changed, 116 insertions, 102 deletions
diff --git a/packet-atalk.c b/packet-atalk.c index bac23e857a..5a56dc24aa 100644 --- a/packet-atalk.c +++ b/packet-atalk.c @@ -2,7 +2,7 @@ * Routines for AppleTalk packet disassembly: LLAP, DDP, NBP, ATP, ASP, * RTMP. * - * $Id: packet-atalk.c,v 1.86 2003/01/23 09:39:32 guy Exp $ + * $Id: packet-atalk.c,v 1.87 2003/03/05 07:17:49 guy Exp $ * * Simon Wilkinson <sxw@dcs.ed.ac.uk> * @@ -848,7 +848,7 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { hdr = ATP_HDRSIZE -1; if (frag_number != 0) hdr += 4; /* asp header */ - len = tvb_length_remaining(tvb, hdr); + len = tvb_reported_length_remaining(tvb, hdr); fd_head = fragment_add_seq_check(tvb, hdr, pinfo, tid, atp_fragment_table, atp_reassembled_table, diff --git a/packet-dcerpc.c b/packet-dcerpc.c index 1f84028124..d3fcb7752f 100644 --- a/packet-dcerpc.c +++ b/packet-dcerpc.c @@ -2,7 +2,7 @@ * Routines for DCERPC packet disassembly * Copyright 2001, Todd Sabin <tas@webspan.net> * - * $Id: packet-dcerpc.c,v 1.110 2003/02/24 01:22:20 guy Exp $ + * $Id: packet-dcerpc.c,v 1.111 2003/03/05 07:17:50 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -2182,7 +2182,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, the data in the fragment, just call the handoff directly if this is the first fragment or the PDU isn't fragmented. */ if( (!dcerpc_reassemble) || PFC_NOT_FRAGMENTED(hdr) || - stub_length > length ){ + !tvb_bytes_exist(tvb, offset, stub_length) ){ if(hdr->flags&PFC_FIRST_FRAG){ /* First fragment, possibly the only fragment */ pinfo->fragmented = !PFC_NOT_FRAGMENTED(hdr); @@ -2197,10 +2197,10 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, " [DCE/RPC fragment]"); } if (dcerpc_tree) { - if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, - "Fragment data (%d byte%s)", length, - plurality(length, "", "s")); + if (stub_length > 0) { + proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", stub_length, + plurality(stub_length, "", "s")); } } } @@ -2210,10 +2210,10 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, of those mean we should attempt reassembly, and the third means we can attempt reassembly. */ if (dcerpc_tree) { - if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, - "Fragment data (%d byte%s)", length, - plurality(length, "", "s")); + if (stub_length > 0) { + proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", stub_length, + plurality(stub_length, "", "s")); } } if(hdr->flags&PFC_FIRST_FRAG){ /* FIRST fragment */ @@ -2221,7 +2221,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, fragment_add(tvb, offset, pinfo, frame, dcerpc_co_reassemble_table, 0, - length, + stub_length, TRUE); fragment_set_tot_len(pinfo, frame, dcerpc_co_reassemble_table, alloc_hint); @@ -2241,7 +2241,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, frame, dcerpc_co_reassemble_table, tot_len-alloc_hint, - length, + stub_length, TRUE); if(fd_head){ @@ -2274,7 +2274,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, fragment_add(tvb, offset, pinfo, frame, dcerpc_co_reassemble_table, tot_len-alloc_hint, - length, + stub_length, TRUE); } if (check_col(pinfo->cinfo, COL_INFO)) { @@ -2346,9 +2346,9 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, conv = find_conversation (&pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0); if (!conv) { - length = tvb_length_remaining (tvb, offset); + length = tvb_reported_length_remaining (tvb, offset); if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, + proto_tree_add_text (dcerpc_tree, tvb, offset, -1, "Stub data (%d byte%s)", length, plurality(length, "", "s")); } @@ -2423,9 +2423,9 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, hdr, &di, &auth_info, alloc_hint, value->req_frame); } else { - length = tvb_length_remaining (tvb, offset); + length = tvb_reported_length_remaining (tvb, offset); if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, + proto_tree_add_text (dcerpc_tree, tvb, offset, -1, "Stub data (%d byte%s)", length, plurality(length, "", "s")); } @@ -2472,9 +2472,9 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, pinfo->srcport, pinfo->destport, 0); if (!conv) { /* no point in creating one here, really */ - length = tvb_length_remaining (tvb, offset); + length = tvb_reported_length_remaining (tvb, offset); if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, + proto_tree_add_text (dcerpc_tree, tvb, offset, -1, "Stub data (%d byte%s)", length, plurality(length, "", "s")); } @@ -2532,9 +2532,9 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, hdr, &di, &auth_info, alloc_hint, value->rep_frame); } else { - length = tvb_length_remaining (tvb, offset); + length = tvb_reported_length_remaining (tvb, offset); if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, + proto_tree_add_text (dcerpc_tree, tvb, offset, -1, "Stub data (%d byte%s)", length, plurality(length, "", "s")); } @@ -2650,12 +2650,11 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, reported_length = stub_length; /* If we don't have reassembly enabled, or this packet contains - the entire PDU, or if this is a short frame (or a frame - not reassembled at a lower layer) that doesn't include all - the data in the fragment, just call the handoff directly if - this is the first fragment or the PDU isn't fragmented. */ + the entire PDU, or if we don't have all the data in this + fragment, just call the handoff directly if this is the + first fragment or the PDU isn't fragmented. */ if( (!dcerpc_reassemble) || PFC_NOT_FRAGMENTED(hdr) || - stub_length > length ){ + !tvb_bytes_exist(tvb, offset, stub_length) ){ if(hdr->flags&PFC_FIRST_FRAG){ /* First fragment, possibly the only fragment */ /* @@ -2669,10 +2668,11 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, * as well, as that might be protocol-specific. */ if (dcerpc_tree) { - if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, - "Fault stub data (%d byte%s)", length, - plurality(length, "", "s")); + if (stub_length > 0) { + proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, + "Fault stub data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } } else { @@ -2682,10 +2682,11 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, " [DCE/RPC fragment]"); } if (dcerpc_tree) { - if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, - "Fragment data (%d byte%s)", length, - plurality(length, "", "s")); + if (stub_length > 0) { + proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } } @@ -2696,9 +2697,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, third means we can attempt reassembly. */ if (dcerpc_tree) { if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, - "Fragment data (%d byte%s)", length, - plurality(length, "", "s")); + proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } if(hdr->flags&PFC_FIRST_FRAG){ /* FIRST fragment */ @@ -2706,7 +2708,7 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, fragment_add(tvb, offset, pinfo, value->rep_frame, dcerpc_co_reassemble_table, 0, - length, + stub_length, TRUE); fragment_set_tot_len(pinfo, value->rep_frame, dcerpc_co_reassemble_table, alloc_hint); @@ -2726,7 +2728,7 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, value->rep_frame, dcerpc_co_reassemble_table, tot_len-alloc_hint, - length, + stub_length, TRUE); if(fd_head){ @@ -2751,9 +2753,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, */ if (dcerpc_tree) { if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, - "Fault stub data (%d byte%s)", length, - plurality(length, "", "s")); + proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, + "Fault stub data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } } else { @@ -2773,7 +2776,7 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, fragment_add(tvb, offset, pinfo, value->rep_frame, dcerpc_co_reassemble_table, tot_len-alloc_hint, - length, + stub_length, TRUE); } if (check_col(pinfo->cinfo, COL_INFO)) { @@ -2852,7 +2855,7 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, offset += 4; if (can_desegment && pinfo->can_desegment - && hdr.frag_len > tvb_length_remaining (tvb, start_offset)) { + && !tvb_bytes_exist(tvb, start_offset, hdr.frag_len)) { pinfo->desegment_offset = start_offset; pinfo->desegment_len = hdr.frag_len - tvb_length_remaining (tvb, start_offset); return 0; /* desegmentation required */ @@ -3239,7 +3242,7 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, the data in the fragment, just call the handoff directly if this is the first fragment or the PDU isn't fragmented. */ if( (!dcerpc_reassemble) || !(hdr->flags1 & PFCL1_FRAG) || - stub_length > length ) { + !tvb_bytes_exist(tvb, offset, stub_length) ){ if(hdr->frag_num == 0) { /* First fragment, possibly the only fragment */ @@ -3258,10 +3261,11 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, } if (dcerpc_tree) { if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, - "Fragment data (%d byte%s)", length, - plurality(length, "", "s")); - } + proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); + } } } } else { @@ -3271,15 +3275,16 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, third means we can attempt reassembly. */ if (dcerpc_tree) { if (length > 0) { - proto_tree_add_text (dcerpc_tree, tvb, offset, length, - "Fragment data (%d byte%s)", length, - plurality(length, "", "s")); + proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", stub_length, + plurality(stub_length, "", "s")); } } fd_head = fragment_add_seq(tvb, offset, pinfo, hdr->seqnum, dcerpc_cl_reassemble_table, - hdr->frag_num, length, !(hdr->flags1 & PFCL1_LASTFRAG)); + hdr->frag_num, stub_length, + !(hdr->flags1 & PFCL1_LASTFRAG)); if (fd_head != NULL) { /* We completed reassembly */ tvbuff_t *next_tvb; diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c index abafeaef95..db82e60077 100644 --- a/packet-smb-pipe.c +++ b/packet-smb-pipe.c @@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets * significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and * Guy Harris 2001 * - * $Id: packet-smb-pipe.c,v 1.88 2003/02/28 03:00:59 guy Exp $ + * $Id: packet-smb-pipe.c,v 1.89 2003/03/05 07:17:50 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -3203,6 +3203,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree smb_info_t *smb_priv = (smb_info_t *)pinfo->private_data; gboolean result; gboolean save_fragmented; + guint reported_len; dcerpc_priv.transport_type = DCERPC_TRANSPORT_SMB; dcerpc_priv.data.smb.fid = fid; @@ -3210,15 +3211,14 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree pinfo->private_data = &dcerpc_priv; /* - * Offer desegmentation service to DCERPC if this packet - * isn't fragmented or short. Otherwise, reassembly is - * (probably) impossible. + * Offer desegmentation service to DCERPC if we have all the + * data. Otherwise, reassembly is (probably) impossible. */ pinfo->can_desegment=0; pinfo->desegment_offset = 0; pinfo->desegment_len = 0; - if(smb_dcerpc_reassembly && !pinfo->fragmented && - tvb_length(d_tvb) >= tvb_reported_length(d_tvb)){ + reported_len = tvb_reported_length(d_tvb); + if(smb_dcerpc_reassembly && tvb_bytes_exist(d_tvb, 0, reported_len)){ pinfo->can_desegment=2; } @@ -3255,10 +3255,10 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree if(smb_dcerpc_reassembly && !pinfo->fd->flags.visited && pinfo->desegment_len){ fragment_add(d_tvb, 0, pinfo, pinfo->fd->num, dcerpc_fragment_table, - 0, tvb_length(d_tvb), TRUE); + 0, reported_len, TRUE); fragment_set_tot_len(pinfo, pinfo->fd->num, dcerpc_fragment_table, - pinfo->desegment_len+tvb_length(d_tvb)); + pinfo->desegment_len+reported_len); /* since the other fragments are in normal ReadAndX and WriteAndX calls we must make sure we can map FID values to this defragmentation session */ diff --git a/packet-sna.c b/packet-sna.c index 06d463c6b1..1fc5f6c729 100644 --- a/packet-sna.c +++ b/packet-sna.c @@ -3,7 +3,7 @@ * Gilbert Ramirez <gram@alumni.rice.edu> * Jochen Friedrich <jochen@scram.de> * - * $Id: packet-sna.c,v 1.45 2003/03/02 21:47:45 guy Exp $ + * $Id: packet-sna.c,v 1.46 2003/03/05 07:17:50 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1681,6 +1681,7 @@ defragment_by_sequence(packet_info *pinfo, tvbuff_t *tvb, int offset, int mpf, int frag_number = -1; int more_frags = TRUE; tvbuff_t *rh_tvb = NULL; + gint frag_len; /* Determine frag_number and more_frags */ switch(mpf) { @@ -1703,34 +1704,39 @@ defragment_by_sequence(packet_info *pinfo, tvbuff_t *tvb, int offset, int mpf, /* If sna_defragment is on, and this is a fragment.. */ if (frag_number > -1) { - /* XXX - check length ??? */ - fd_head = fragment_add_seq(tvb, offset, pinfo, id, - sna_fragment_table, frag_number, - tvb_length_remaining(tvb, offset), more_frags); - - /* We added the LAST segment and reassembly didn't complete. Insert - * a zero-length MIDDLE segment to turn a 2-frame BIU-fragmentation - * into a 3-frame BIU-fragmentation (empty middle frag). - * See above long comment about this trickery. */ - - if (mpf == MPF_LAST_SEGMENT && !fd_head) { + frag_len = tvb_reported_length_remaining(tvb, offset); + if (tvb_bytes_exist(tvb, offset, frag_len)) { fd_head = fragment_add_seq(tvb, offset, pinfo, id, - sna_fragment_table, MIDDLE_FRAG_NUMBER, 0, TRUE); - } - - if (fd_head != NULL) { - /* We have the complete reassembled payload. */ - rh_tvb = tvb_new_real_data(fd_head->data, - fd_head->len, fd_head->len); - - /* Add the tvbuff to the chain of tvbuffs so that - * it will get cleaned up too. */ - tvb_set_child_real_data_tvbuff(tvb, rh_tvb); - - /* Add the defragmented data to the data source list. */ - add_new_data_source(pinfo, rh_tvb, - "Reassembled SNA BIU"); + sna_fragment_table, frag_number, frag_len, + more_frags); + + /* We added the LAST segment and reassembly didn't + * complete. Insert a zero-length MIDDLE segment to + * turn a 2-frame BIU-fragmentation into a 3-frame + * BIU-fragmentation (empty middle frag). + * See above long comment about this trickery. */ + + if (mpf == MPF_LAST_SEGMENT && !fd_head) { + fd_head = fragment_add_seq(tvb, offset, pinfo, + id, sna_fragment_table, + MIDDLE_FRAG_NUMBER, 0, TRUE); + } + + if (fd_head != NULL) { + /* We have the complete reassembled payload. */ + rh_tvb = tvb_new_real_data(fd_head->data, + fd_head->len, fd_head->len); + + /* Add the tvbuff to the chain of tvbuffs + * so that it will get cleaned up too. */ + tvb_set_child_real_data_tvbuff(tvb, rh_tvb); + + /* Add the defragmented data to the data + * source list. */ + add_new_data_source(pinfo, rh_tvb, + "Reassembled SNA BIU"); + } } } return rh_tvb; diff --git a/packet-tcp.c b/packet-tcp.c index 44e33b6c3b..7ec1fdaf00 100644 --- a/packet-tcp.c +++ b/packet-tcp.c @@ -1,7 +1,7 @@ /* packet-tcp.c * Routines for TCP packet disassembly * - * $Id: packet-tcp.c,v 1.185 2003/03/04 04:36:44 sharpe Exp $ + * $Id: packet-tcp.c,v 1.186 2003/03/05 07:17:50 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1829,7 +1829,6 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint bpos; guint optlen; guint32 nxtseq; - guint len; guint reported_len; vec_t cksum_vec[4]; guint32 phdr[2]; @@ -1896,7 +1895,6 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) tcph->th_hlen = hi_nibble(th_off_x2) * 4; /* TCP header length, in bytes */ reported_len = tvb_reported_length(tvb); - len = tvb_length(tvb); /* Compute the length of data in this segment. */ tcph->th_seglen = reported_len - tcph->th_hlen; @@ -2000,7 +1998,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) */ pinfo->can_desegment = 0; th_sum = tvb_get_ntohs(tvb, offset + 16); - if (!pinfo->fragmented && len >= reported_len) { + if (!pinfo->fragmented && tvb_bytes_exist(tvb, 0, reported_len)) { /* The packet isn't part of an un-reassembled fragmented datagram and isn't truncated. This means we have all the data, and thus can checksum it and, unless it's being returned in an error @@ -2034,7 +2032,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) g_assert_not_reached(); break; } - cksum_vec[3].ptr = tvb_get_ptr(tvb, offset, len); + cksum_vec[3].ptr = tvb_get_ptr(tvb, offset, reported_len); cksum_vec[3].len = reported_len; computed_cksum = in_cksum(&cksum_vec[0], 4); if (computed_cksum == 0) { diff --git a/packet-wtp.c b/packet-wtp.c index 007c29db0c..96a57f0e8c 100644 --- a/packet-wtp.c +++ b/packet-wtp.c @@ -2,7 +2,7 @@ * * Routines to dissect WTP component of WAP traffic. * - * $Id: packet-wtp.c,v 1.42 2002/12/19 11:22:38 sahlberg Exp $ + * $Id: packet-wtp.c,v 1.43 2003/03/05 07:17:50 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -595,15 +595,16 @@ dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * Any remaining data ought to be WSP data (if not WTP ACK, NACK * or ABORT pdu), so hand off (defragmented) to the WSP dissector */ - if ((tvb_length_remaining(tvb, offCur + cbHeader + vHeader) > 0) && + if ((tvb_reported_length_remaining(tvb, offCur + cbHeader + vHeader) > 0) && ! ((pdut==ACK) || (pdut==NEGATIVE_ACK) || (pdut==ABORT))) { int dataOffset = offCur + cbHeader + vHeader; - guint32 dataLen = tvb_length_remaining(tvb, offCur + cbHeader + vHeader); + gint dataLen = tvb_reported_length_remaining(tvb, dataOffset); gboolean save_fragmented; - if ((pdut == SEGMENTED_INVOKE) || (pdut == SEGMENTED_RESULT) || - (((pdut == INVOKE) || (pdut == RESULT)) && (!fTTR))) + if (((pdut == SEGMENTED_INVOKE) || (pdut == SEGMENTED_RESULT) || + (((pdut == INVOKE) || (pdut == RESULT)) && (!fTTR))) && + tvb_bytes_exist(tvb, dataOffset, dataLen)) { /* 1st part of segment */ save_fragmented = pinfo->fragmented; pinfo->fragmented = TRUE; @@ -632,9 +633,13 @@ dissect_wtp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } pinfo->fragmented = save_fragmented; } - else /* Normal packet, call next dissector */ + else { - wsp_tvb = tvb_new_subset(tvb, dataOffset, -1, dataLen); + /* + * Normal packet, or not all the fragment data is available; + * call next dissector. + */ + wsp_tvb = tvb_new_subset(tvb, dataOffset, -1, -1); call_dissector(wsp_handle, wsp_tvb, pinfo, tree); } } |