Skip to content

Commit 2cb5985

Browse files
committed
Make class "type" for USB conversations.
USB dissectors can't assume that only their class type has been passed around in the conversation. Make explicit check that class type expected matches the dissector and stop/prevent dissection if there isn't a match. Bug: 12356 Change-Id: Ib23973a4ebd0fbb51952ffc118daf95e3389a209 Reviewed-on: https://code.wireshark.org/review/15212 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Martin Kaiser <wireshark@kaiser.cx> Petri-Dish: Martin Kaiser <wireshark@kaiser.cx> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
1 parent 7c79da8 commit 2cb5985

File tree

5 files changed

+20
-2
lines changed

5 files changed

+20
-2
lines changed

Diff for: epan/dissectors/packet-u3v.c

+4
Original file line numberDiff line numberDiff line change
@@ -1683,6 +1683,10 @@ dissect_u3v(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
16831683
if (!u3v_conv_info) {
16841684
u3v_conv_info = wmem_new0(wmem_file_scope(), u3v_conv_info_t);
16851685
usb_conv_info->class_data = u3v_conv_info;
1686+
usb_conv_info->class_data_type = USB_CONV_U3V;
1687+
} else if (usb_conv_info->class_data_type != USB_CONV_U3V) {
1688+
/* Don't dissect if another USB type is in the conversation */
1689+
return 0;
16861690
}
16871691

16881692
prefix = tvb_get_letohl(tvb, 0);

Diff for: epan/dissectors/packet-usb-audio.c

+4
Original file line numberDiff line numberDiff line change
@@ -435,8 +435,12 @@ dissect_ac_if_hdr_body(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
435435
if(!audio_conv_info) {
436436
audio_conv_info = wmem_new(wmem_file_scope(), audio_conv_info_t);
437437
usb_conv_info->class_data = audio_conv_info;
438+
usb_conv_info->class_data_type = USB_CONV_AUDIO;
438439
/* XXX - set reasonable default values for all components
439440
that are not filled in by this function */
441+
} else if (usb_conv_info->class_data_type != USB_CONV_AUDIO) {
442+
/* Don't dissect if another USB type is in the conversation */
443+
return 0;
440444
}
441445
audio_conv_info->ver_major = ver_major;
442446
offset += 2;

Diff for: epan/dissectors/packet-usb-masstorage.c

+4-1
Original file line numberDiff line numberDiff line change
@@ -199,9 +199,12 @@ dissect_usb_ms_bulk(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
199199
usb_ms_conv_info->itl=wmem_tree_new(wmem_file_scope());
200200
usb_ms_conv_info->itlq=wmem_tree_new(wmem_file_scope());
201201
usb_conv_info->class_data=usb_ms_conv_info;
202+
usb_conv_info->class_data_type = USB_CONV_MASS_STORAGE;
203+
} else if (usb_conv_info->class_data_type != USB_CONV_MASS_STORAGE) {
204+
/* Don't dissect if another USB type is in the conversation */
205+
return 0;
202206
}
203207

204-
205208
is_request=(pinfo->srcport==NO_ENDPOINT);
206209

207210
col_set_str(pinfo->cinfo, COL_PROTOCOL, "USBMS");

Diff for: epan/dissectors/packet-usb-video.c

+4
Original file line numberDiff line numberDiff line change
@@ -1035,6 +1035,10 @@ dissect_usb_video_control_interface_descriptor(proto_tree *parent_tree, tvbuff_t
10351035
video_conv_info = wmem_new(wmem_file_scope(), video_conv_info_t);
10361036
video_conv_info->entities = wmem_tree_new(wmem_file_scope());
10371037
usb_conv_info->class_data = video_conv_info;
1038+
usb_conv_info->class_data_type = USB_CONV_VIDEO;
1039+
} else if (usb_conv_info->class_data_type != USB_CONV_VIDEO) {
1040+
/* Stop dissection if another USB type is in the conversation */
1041+
return descriptor_len;
10381042
}
10391043

10401044
entity = (video_entity_t*) wmem_tree_lookup32(video_conv_info->entities, entity_id);

Diff for: epan/dissectors/packet-usb.h

+4-1
Original file line numberDiff line numberDiff line change
@@ -90,6 +90,8 @@ typedef struct _usb_trans_info_t {
9090
guint64 usb_id;
9191
} usb_trans_info_t;
9292

93+
enum usb_conv_class_data_type {USB_CONV_UNKNOWN = 0, USB_CONV_U3V, USB_CONV_AUDIO, USB_CONV_VIDEO, USB_CONV_MASS_STORAGE};
94+
9395
/* Conversation Structure
9496
* there is one such structure for each device/endpoint conversation */
9597
struct _usb_conv_info_t {
@@ -113,7 +115,8 @@ struct _usb_conv_info_t {
113115
wmem_tree_t *transactions;
114116
usb_trans_info_t *usb_trans_info; /* pointer to the current transaction */
115117

116-
void *class_data; /* private class/id decode data */
118+
void *class_data; /* private class/id decode data */
119+
enum usb_conv_class_data_type class_data_type;
117120

118121
wmem_array_t *alt_settings;
119122
};

0 commit comments

Comments
 (0)