Wireshark-commits: [Wireshark-commits] master 46dc5f7: sccp: fix data reassembly with multiple frag
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 22 May 2018 10:44:23 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=46dc5f751697a27b04945fb22a74009b691b0ad9
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

46dc5f7 by Peter Wu (peter@xxxxxxxxxxxxx):

    sccp: fix data reassembly with multiple fragments
    
    Reuse of the "destination local reference" as identifier for fragments
    in the reassembly table resulted in incorrect tracking of fragments.
    This results in the following user-visible issues:
    - "Reassembled in" in wrong packets after each message.
    - "Reassembled in" is shown even for a single, finished fragment.
    - Reassembled data is not displayed in the second pass/GUI when a single
      packet contains multiple completed fragments (with "no more data").
    
    The first issue occurs because newer fragments overwrite earlier
    reassembled results (due to ID collision). As a result, each fragment
    will show information about the last fragment.
    
    The second issue occurs because earlier reassembled results were found
    for the given colliding ID.
    
    The third issue occurs because of a subtle issue related to matching
    "pinfo->curr_layer_num" against the value at the moment when a
    reassembly was completed ("reas_in_layer_num"). Even though
    "fragment_add_seq_next" returns a finished reassembly head,
    "process_reassembled_data" will not return a tvb because the layer
    numbers do not match.
    
    If the last frame has multiple fragments, then the above prevents the
    first fragment from being displayed. One might expect that the final
    finished fragment is correctly shown, but that is also not the case.
    In the first pass, the first fragment would be passed to a subdissector,
    this increments "pinfo->curr_layer_num". In the second pass, this
    subdissector is not invoked and the number will be smaller. As the layer
    again do not match, no reassembled result is shown either.
    
    To tackle the above issues, make the reassembly ID really unique for
    each group of fragments and make these IDs available in the second pass.
    
    Tested with tshark -V (with and without -2, the output should match) and
    the GUI using sccp_reasseble_1.pcap and rnsap_error.cap.
    
    Bug: 3360
    Bug: 11130
    Change-Id: Ic5a8d69ab8b86d53ade35f242a18153952d7de1e
    Reviewed-on: https://code.wireshark.org/review/27676
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  fc6dd90   nas-5gs: Return if the message isn't 5GS.
    adds  46dc5f7   sccp: fix data reassembly with multiple fragments


Summary of changes:
 epan/dissectors/packet-sccp.c | 178 +++++++++++++++++++++++++++++-------------
 1 file changed, 125 insertions(+), 53 deletions(-)