netflow: fix undefined shift

Treat any prefix length larger than 32 as 32 (effectively not masking anything) and treat a zero-length prefix as the empty mask (matching anything). Change-Id: If96b03c2f76ff7624d50fefdf0b025ab373c07dc Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1152 Bug: 13607 Reviewed-on: https://code.wireshark.org/review/21189 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
LiptonB · Apr 18, 2017 · 870b3d2 · 870b3d2
1 parent 31b7e16
commit 870b3d2
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/epan/dissectors/packet-netflow.c b/epan/dissectors/packet-netflow.c
@@ -2288,7 +2288,7 @@ static int      dissect_v9_v10_options_template(tvbuff_t *tvb, packet_info *pinf
 static int      dissect_v9_v10_data_template(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pdutree,
                                     int offset, int len, hdrinfo_t *hdrinfo_p, guint16 flowset_id);
 
-static const gchar *getprefix(const guint32 *address, int prefix);
+static const gchar *getprefix(const guint32 *address, unsigned prefix);
 
 static int      flow_process_ints(proto_tree *pdutree, tvbuff_t *tvb,
                                   int offset);
@@ -7709,12 +7709,18 @@ dissect_pdu(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *pdutree, int offs
 }
 
 static const gchar   *
-getprefix(const guint32 *addr, int prefix)
+getprefix(const guint32 *addr, unsigned prefix)
 {
     guint32 gprefix;
     address prefix_addr;
 
-    gprefix = *addr & g_htonl((0xffffffff << (32 - prefix)));
+    if (prefix == 0) {
+        gprefix = 0;
+    } else if (prefix < 32) {
+        gprefix = *addr & g_htonl((0xffffffff << (32 - prefix)));
+    } else {
+        gprefix = *addr;
+    }
 
     set_address(&prefix_addr, AT_IPv4, 4, &gprefix);
     return address_to_str(wmem_packet_scope(), &prefix_addr);