On Wed, May 04, 2011 at 10:27:32PM +0200, Sake Blok wrote:
> On 4 mei 2011, at 22:11, Jeff Morriss wrote:
> > I would think desegment_tcp() should be able to handle this by not calling your dissector for an out-of-order segment:
> > it should be able to only call your dissector once it has a completely reassembled (desegmented) PDU.
> > Looking through the code, it's not immediately obvious to me what the problem is.
>
> One case that can cause a problem is when the first segment of a PDU is received out-of-order.
Can we test, when creating a PDU, whether the created PDU overlaps with another one?
Attaching PoC.
diff --git epan/dissectors/packet-tcp.c epan/dissectors/packet-tcp.c
index 58bbb5a..ad0648d 100644
--- epan/dissectors/packet-tcp.c
+++ epan/dissectors/packet-tcp.c
@@ -1940,6 +1940,19 @@ again:
fragment_add(tvb, deseg_offset, pinfo, msp->first_frame,
tcp_fragment_table, 0, nxtseq - deseg_seq,
LT_SEQ(nxtseq, msp->nxtpdu));
+
+ /* check if we've already have PDU which overlaps with this one */
+ {
+ struct tcp_multisegment_pdu *msp2 = se_tree_lookup32_le(tcpd->fwd->multisegment_pdus, msp->nxtpdu);
+
+ /* msp2 should never be NULL */
+ if (msp2 != NULL && msp2 != msp) {
+ /*
+ * XXX, what can we do here?
+ */
+ g_warning("XXX, msp != msp2 (%u...%u %u)\n", msp->seq, msp->nxtpdu, msp2->seq);
+ }
+ }
}
}
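Review bot: the overlap test in this hunk can fire on a PDU that merely abuts the new one, because `se_tree_lookup32_le(..., msp->nxtpdu)` returns the entry with the largest key less than or equal to `msp->nxtpdu`, and an existing msp whose `seq` equals `msp->nxtpdu` starts exactly where this PDU ends and does not overlap it. Either look up `msp->nxtpdu - 1` or add an explicit `msp2->seq < msp->nxtpdu` condition before warning. Two smaller points: `g_warning()` already terminates the message, so the trailing `\n` in the format string is redundant, and the "msp2 should never be NULL" comment contradicts the NULL check right below it; say which one is intended (the lookup can return NULL when the tree is empty or the new msp is the lowest key, so the check looks right and the comment should go). Since the block only warns and does not alter reassembly, it is safe as a PoC, but the XXX should be resolved or the warning downgraded before this is committed.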