diff --git a/epan/dissectors/packet-zbee-security.c b/epan/dissectors/packet-zbee-security.c
index 14fdb0a..34bc1a8 100644
--- a/epan/dissectors/packet-zbee-security.c
+++ b/epan/dissectors/packet-zbee-security.c
@@ -590,11 +590,9 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o
}
/* Check for null payload. */
- if ( !(payload_len = tvb_reported_length_remaining(tvb, offset+mic_len)) ) {
+ payload_len = tvb_captured_length_remaining(tvb, offset+mic_len);
+ if (payload_len == 0)
return NULL;
- } else if ( payload_len < 0 ) {
- THROW(ReportedBoundsError);
- }
/**********************************************
* Perform Security Operations on the Frame *
@@ -606,10 +604,31 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o
(packet.level == ZBEE_SEC_MIC128)) {
/* Payload is only integrity protected. Just return the sub-tvbuff. */
- return tvb_new_subset(tvb, offset, payload_len, payload_len);
+ return tvb_new_subset_length(tvb, offset, payload_len);
}
#ifdef HAVE_LIBGCRYPT
+ /* Have we captured all the payload? */
+ if (tvb_length_remaining(tvb, offset+mic_len) < payload_len) {
+ /*
+ * No - don't try to decrypt it.
+ *
+ * XXX - it looks as if the decryption code is assuming we have the
+ * MIC, which won't be the case if the packet was cut short. Is
+ * that in fact that case, or can we still make this work with a
+ * partially-captured packet?
+ */
+ /* Add expert info. */
+ expert_add_info_format(pinfo, sec_tree, PI_UNDECODED, PI_WARN,
+ "Encrypted payload, cut short when capturing - can't decrypt");
+ /* Create a buffer for the undecrypted payload. */
+ payload_tvb = tvb_new_subset_length(tvb, offset, payload_len);
+ /* Dump the payload to the data dissector. */
+ call_dissector(data_handle, payload_tvb, pinfo, tree);
+ /* Couldn't decrypt, so return NULL. */
+ return NULL;
+ }
+
/* Allocate memory to decrypt the payload into. */
dec_buffer = (guint8 *)g_malloc(payload_len);