Wireshark-dev: Re: [Wireshark-dev] [Patch] Fix for bug #1163: "Dissector bug. ISO8073COTP proto

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Fri, 10 Nov 2006 14:42:23 -0800
Please apply the attached patch which is a new more accurate fix for bug 
#1163.  Thanks to Graeme Lunt for pointing out that the first patch 
broke a different capture with legitimate SES data in it.  My patch also 
corrects the check for number of bytes existing from 4 to 2 as the 
minimum length of an SES PDU is only 2 bytes: 1 byte type, 1 byte 
length.


Steve

Index: epan/dissectors/packet-ses.c
===================================================================
--- epan/dissectors/packet-ses.c	(revision 19874)
+++ epan/dissectors/packet-ses.c	(working copy)
@@ -1777,7 +1777,7 @@
 	guint16 len;
 
 	/* first, check do we have at least 4 bytes (type+length) */
-	if (!tvb_bytes_exist(tvb, 0, 4))
+	if (!tvb_bytes_exist(tvb, 0, 2))
 		return FALSE;	/* no */
 
 	/* can we recognize session PDU ? Return FALSE if  not */
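Review bot: The comment above the changed check still reads "check do we have at least 4 bytes (type+length)", but the check now asks for 2 bytes. Update the comment to match, for example "at least 2 bytes (1 byte type, 1 byte length)", so the comment and `tvb_bytes_exist(tvb, 0, 2)` do not disagree for the next reader.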
@@ -1789,6 +1789,17 @@
 		return FALSE;  /* no, it isn't a session PDU */
 	}
 
+	/* can we recognize the second session PDU ? Return FALSE if not */
+	if(tvb_bytes_exist(tvb, 2, 2)) { /* Make sure there is a second one */
+		/*   get SPDU type */
+		type = tvb_get_guint8(tvb, offset+4);
+		/* check SPDU type */
+		if (match_strval(type, ses_vals) == NULL)
+			{
+				return FALSE;  /* no, it isn't a session PDU */
+			}
+	}
+
 	/* some Siemens SIMATIC protocols also use COTP, and shouldn't be 
 	 * misinterpreted as SES.
 	 * the starter in this case is fixed to 0x32 (SES_MINOR_SYNC_ACK for SES), 
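Review bot: The guard and the read in the added block do not cover the same bytes: `tvb_bytes_exist(tvb, 2, 2)` confirms that bytes 2 and 3 are present, but the type is then fetched with `tvb_get_guint8(tvb, offset+4)`, so a buffer that ends after byte 3 passes the guard and is still read past its end. Test the byte that is actually read, for example `tvb_bytes_exist(tvb, offset+4, 1)`, and use `offset` in both places rather than a literal in one and `offset+4` in the other. The fixed position of 4 is also not derived from the first SPDU's length, which is only computed further down with `get_item_len(tvb, offset+1, &len_len)`; if the second SPDU is meant to start right after the first, compute the position from that length, or add a comment saying why 4 is correct. Minor style point: the brace placement after `if (match_strval(type, ses_vals) == NULL)` differs from the surrounding code.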
@@ -1803,8 +1814,6 @@
 	/*  OK,let's check SPDU length  */
 	/*  get length of SPDU */
 	len = get_item_len(tvb, offset+1, &len_len);
-	if(len == 0)
-		return FALSE; /* Not a valid PDU */
 
 	/*  add header length     */
 	len+=len_len;
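Review bot: Dropping the `len == 0` rejection here leaves no trace in the code of why a zero-length SPDU is now accepted. Add a short comment at this spot stating that a length of 0 is valid (type byte plus length byte only), so the check is not reintroduced later. With this test gone and the minimum lowered to 2 bytes in the first hunk, a 2-byte buffer with a known type and zero length is not examined by the new second-SPDU check either, since that check only runs when more bytes exist; confirm that the remaining checks on `len` after `len+=len_len` are enough for the heuristic in that case.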