I have found three more bugs in the dissect_pppmux() function of
packet-ppp.c. A patch is attached.
First, the length of the header of a sub-frame may be miscalculated
if the PID field is not present, but was present in a previous
sub-frame. The calculation of the header length will use the value from
the previous sub-frame.
Second, correct the typo "ength" to "length".
Third, the length of the current sub-frame was not passed as the
reported length to a sub-dissector. When the sub-dissector calls
tvb_reported_length(), the function returns the length of the complete
frame and not the length of the sub-frame to be dissected.
Regards,
Don
--- packet-ppp.c.orig 2006-08-27 20:31:09.207622400 -0700
+++ packet-ppp.c 2006-09-04 01:13:38.767136500 -0700
@@ -3012,6 +3012,7 @@
pid_field = 2;
}
} else {
+ pid_field = 0; /*PID field is 0 bytes*/
if (!pid){ /*No Last PID, hence use the default */
if (pppmux_def_prot_id)
pid = pppmux_def_prot_id;
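Review bot: The added "pid_field = 0;" in the else branch only stays correct as long as every branch remembers to assign pid_field. Resetting it once at the point where each sub-frame starts being parsed, before the PID-present test, would stop a value from an earlier sub-frame from leaking into the header length calculation if another branch is added later. In the same branch, "if (pppmux_def_prot_id)" leaves pid at 0 when no default protocol ID is configured, and the visible lines do not show how that case is handled; a short comment on the intended behaviour would help. The new comment would also read better with spaces inside the delimiters.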
@@ -3034,7 +3035,7 @@
proto_tree_add_text(flag_tree,tvb,offset,length_field,"%s",
decode_boolean_bitfield(flags,0x80,8,"PID Present","PID not present"));
proto_tree_add_text(flag_tree,tvb,offset,length_field,"%s",
- decode_boolean_bitfield(flags,0x40,8,"2 bytes ength field ","1 byte length field"));
+ decode_boolean_bitfield(flags,0x40,8,"2 bytes length field ","1 byte length field"));
ti = proto_tree_add_text(hdr_tree,tvb,offset,length_field,"Sub-frame Length = %u",length);
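Review bot: The corrected string on the 0x40 line still ends with a space before the closing quote ("2 bytes length field "), while its counterpart "1 byte length field" has none. Since the line is being touched anyway, drop the trailing space so both labels render consistently in the tree.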
@@ -3050,7 +3051,7 @@
sub_ti = proto_tree_add_text(sub_tree,tvb,offset,length,"Information Field");
info_tree = proto_item_add_subtree(sub_ti,ett_pppmux_subframe_info);
- next_tvb = tvb_new_subset(tvb,offset,length,-1);
+ next_tvb = tvb_new_subset(tvb,offset,length,length);
if (!dissector_try_port(ppp_subdissector_table, pid, next_tvb, pinfo, info_tree)) {
call_dissector(data_handle, next_tvb, pinfo, info_tree);
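Review bot: On the changed tvb_new_subset() line, "length" is now used for both the captured and the reported length, and that value comes from the sub-frame's own length field in the packet. The hunk shows no check that it fits within what remains of tvb, so please confirm how a truncated capture or a length field larger than the remaining data behaves here, and whether a zero-length sub-frame should reach dissector_try_port() at all. It is also worth confirming that "length" at this point already excludes the PID bytes, since it is used unchanged as the size of the "Information Field" item just above.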