osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Add a bounds check. 

AirPDcapStoreSa() was assuming that ctx->first_free_index would always
be within the ctx->sa array; nothing guarantees that.  Fail if it's past
the end of the array; that means there *are* no free indices.

Change-Id: I73145ea3f3dda1b3800a41fa3a2b01ac344dcbfc
Reviewed-on: https://code.wireshark.org/review/9634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
Guy Harris 2015-07-14 11:50:08 -07:00
parent 9230834fbe
commit 4f1b8d7433
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
epan/crypt/airpdcap.c
View File

@ -1555,6 +1555,10 @@ AirPDcapStoreSa(
{
INT last_free;
if (ctx->first_free_index>=AIRPDCAP_MAX_SEC_ASSOCIATIONS_NR) {
/* there is no empty space available. FAILURE */
return -1;
}
if (ctx->sa[ctx->first_free_index].used) {
/* last addition was in the middle of the array (and the first_free_index was just incremented by 1) */
/* search for a free space from the first_free_index to AIRPDCAP_STA_INFOS_NR (to avoid free blocks in */