On Wed, May 04, 2011 at 10:27:32PM +0200, Sake Blok wrote:
> On 4 mei 2011, at 22:11, Jeff Morriss wrote:
> > I would think desegment_tcp() should be able to handle this by not calling
> > your dissector for an out-of-order segment:
> it should be able to only call your dissector once it has a completely
> reassembled (desegmented) PDU.
> Looking through the code, it's not immediately obvious to me what the problem
> is.
>
> One case that can cause a problem is when the first segment of a PDU is
> received out-of-order.
Can we test when creating a PDU if the created PDU overlaps with another one? Attaching PoC.
diff --git epan/dissectors/packet-tcp.c epan/dissectors/packet-tcp.c index 58bbb5a..ad0648d 100644 --- epan/dissectors/packet-tcp.c +++ epan/dissectors/packet-tcp.c @@ -1940,6 +1940,19 @@ again: fragment_add(tvb, deseg_offset, pinfo, msp->first_frame, tcp_fragment_table, 0, nxtseq - deseg_seq, LT_SEQ(nxtseq, msp->nxtpdu)); + + /* check if we've already have PDU which overlaps with this one */ + { + struct tcp_multisegment_pdu *msp2 = se_tree_lookup32_le(tcpd->fwd->multisegment_pdus, msp->nxtpdu); + + /* msp2 should never be NULL */ + if (msp2 != NULL && msp2 != msp) { + /* + * XXX, what can we do here? + */ + g_warning("XXX, msp != msp2 (%u...%u %u)\n", msp->seq, msp->nxtpdu, msp2->seq); + } + } } }
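Review bot: the key passed to se_tree_lookup32_le() in the added block is msp->nxtpdu, which looks like the sequence number where the next PDU begins (it is the bound in LT_SEQ(nxtseq, msp->nxtpdu) just above), so a PDU that legitimately starts exactly at nxtpdu would come back as msp2 and be reported as an overlap. Consider looking up the last sequence number that belongs to this PDU (msp->nxtpdu - 1) instead, and note that the tree lookup is a plain 32-bit comparison while the surrounding code uses the wrap-aware LT_SEQ, so the check can misfire near sequence-number wraparound. The g_warning() text should drop the "XXX" placeholder and the trailing "\n" (GLib's default log handler appends a newline itself), and the "XXX, what can we do here?" branch needs an actual decision on how the overlapping PDU is handled before this is more than a PoC.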
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev