|
 |
dbc6ab |
diff --git a/epan/dissectors/packet-zbee-security.c b/epan/dissectors/packet-zbee-security.c
|
|
|
dbc6ab |
index 14fdb0a..34bc1a8 100644
|
|
|
dbc6ab |
--- a/epan/dissectors/packet-zbee-security.c
|
|
|
dbc6ab |
+++ b/epan/dissectors/packet-zbee-security.c
|
|
|
dbc6ab |
@@ -590,11 +590,9 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o
|
|
|
dbc6ab |
}
|
|
|
dbc6ab |
|
|
|
dbc6ab |
/* Check for null payload. */
|
|
|
dbc6ab |
- if ( !(payload_len = tvb_reported_length_remaining(tvb, offset+mic_len)) ) {
|
|
|
dbc6ab |
+ payload_len = tvb_captured_length_remaining(tvb, offset+mic_len);
|
|
|
dbc6ab |
+ if (payload_len == 0)
|
|
|
dbc6ab |
return NULL;
|
|
|
dbc6ab |
- } else if ( payload_len < 0 ) {
|
|
|
dbc6ab |
- THROW(ReportedBoundsError);
|
|
|
dbc6ab |
- }
|
|
|
dbc6ab |
|
|
|
dbc6ab |
/**********************************************
|
|
|
dbc6ab |
* Perform Security Operations on the Frame *
|
|
|
dbc6ab |
@@ -606,10 +604,31 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o
|
|
|
dbc6ab |
(packet.level == ZBEE_SEC_MIC128)) {
|
|
|
dbc6ab |
|
|
|
dbc6ab |
/* Payload is only integrity protected. Just return the sub-tvbuff. */
|
|
|
dbc6ab |
- return tvb_new_subset(tvb, offset, payload_len, payload_len);
|
|
|
dbc6ab |
+ return tvb_new_subset_length(tvb, offset, payload_len);
|
|
|
dbc6ab |
}
|
|
|
dbc6ab |
|
|
|
dbc6ab |
#ifdef HAVE_LIBGCRYPT
|
|
|
dbc6ab |
+ /* Have we captured all the payload? */
|
|
|
dbc6ab |
+ if (tvb_length_remaining(tvb, offset+mic_len) < payload_len) {
|
|
|
dbc6ab |
+ /*
|
|
|
dbc6ab |
+ * No - don't try to decrypt it.
|
|
|
dbc6ab |
+ *
|
|
|
dbc6ab |
+ * XXX - it looks as if the decryption code is assuming we have the
|
|
|
dbc6ab |
+ * MIC, which won't be the case if the packet was cut short. Is
|
|
|
dbc6ab |
+ * that in fact that case, or can we still make this work with a
|
|
|
dbc6ab |
+ * partially-captured packet?
|
|
|
dbc6ab |
+ */
|
|
|
dbc6ab |
+ /* Add expert info. */
|
|
|
dbc6ab |
+ expert_add_info_format(pinfo, sec_tree, PI_UNDECODED, PI_WARN,
|
|
|
dbc6ab |
+ "Encrypted payload, cut short when capturing - can't decrypt");
|
|
|
dbc6ab |
+ /* Create a buffer for the undecrypted payload. */
|
|
|
dbc6ab |
+ payload_tvb = tvb_new_subset_length(tvb, offset, payload_len);
|
|
|
dbc6ab |
+ /* Dump the payload to the data dissector. */
|
|
|
dbc6ab |
+ call_dissector(data_handle, payload_tvb, pinfo, tree);
|
|
|
dbc6ab |
+ /* Couldn't decrypt, so return NULL. */
|
|
|
dbc6ab |
+ return NULL;
|
|
|
dbc6ab |
+ }
|
|
|
dbc6ab |
+
|
|
|
dbc6ab |
/* Allocate memory to decrypt the payload into. */
|
|
|
dbc6ab |
dec_buffer = (guint8 *)g_malloc(payload_len);
|
|
|
dbc6ab |
|