diff --git a/epan/dissectors/packet-zbee-security.c b/epan/dissectors/packet-zbee-security.c
index 14fdb0a..34bc1a8 100644
--- a/epan/dissectors/packet-zbee-security.c
+++ b/epan/dissectors/packet-zbee-security.c
@@ -590,11 +590,9 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o
     }
 
     /* Check for null payload. */
-    if ( !(payload_len = tvb_reported_length_remaining(tvb, offset+mic_len)) ) {
+    payload_len = tvb_captured_length_remaining(tvb, offset+mic_len);
+    if (payload_len == 0)
         return NULL;
-    } else if ( payload_len < 0 ) {
-        THROW(ReportedBoundsError);
-    }
 
     /**********************************************
      * Perform Security Operations on the Frame *
@@ -606,10 +604,31 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o
             (packet.level == ZBEE_SEC_MIC128)) {
         /* Payload is only integrity protected. Just return the sub-tvbuff. */
-        return tvb_new_subset(tvb, offset, payload_len, payload_len);
+        return tvb_new_subset_length(tvb, offset, payload_len);
     }
 
 #ifdef HAVE_LIBGCRYPT
+    /* Have we captured all the payload? */
+    if (tvb_length_remaining(tvb, offset+mic_len) < payload_len) {
+        /*
+         * No - don't try to decrypt it.
+         *
+         * XXX - it looks as if the decryption code is assuming we have the
+         * MIC, which won't be the case if the packet was cut short. Is
+         * that in fact that case, or can we still make this work with a
+         * partially-captured packet?
+         */
+        /* Add expert info. */
+        expert_add_info_format(pinfo, sec_tree, PI_UNDECODED, PI_WARN,
+                               "Encrypted payload, cut short when capturing - can't decrypt");
+        /* Create a buffer for the undecrypted payload. */
+        payload_tvb = tvb_new_subset_length(tvb, offset, payload_len);
+        /* Dump the payload to the data dissector. */
+        call_dissector(data_handle, payload_tvb, pinfo, tree);
+        /* Couldn't decrypt, so return NULL. */
+        return NULL;
+    }
+
     /* Allocate memory to decrypt the payload into. */
     dec_buffer = (guint8 *)g_malloc(payload_len);
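Review bot: Taking payload_len from tvb_captured_length_remaining() here makes the new "Have we captured all the payload?" guard in the second hunk ineffective, because tvb_length_remaining() also measures captured bytes, so that comparison pits the same quantity against itself and a truncated frame falls through to the decryption path with a short buffer and, as the hunk's own XXX comment worries, possibly no MIC. The guard only detects truncation if payload_len reflects the on-the-wire length: `payload_len = tvb_reported_length_remaining(tvb, offset+mic_len);`. Dropping the `payload_len < 0` branch is safe only if the length function cannot return a negative value for an offset past the end in this tree; if it still returns -1 there, `payload_len == 0` lets a negative length reach tvb_new_subset_length(). dissect_zbee_secure() begins and ends outside the hunk.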