SIP: authorization validation segfault on missing fields

Fix for segfaults caused by missing username and or realm fields when validating SIP authorization. Change-Id: Ia418f2a7f036ef706fcd6e4a766ea43098a6883d Reviewed-on: https://code.wireshark.org/review/35644 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2020-01-04 22:02:11 +01:00 · 2020-01-04 22:02:11 +01:00 · 76c577aab4
parent 8b7caf5e9d
commit 76c577aab4
1 changed files with 2 additions and 1 deletions
--- a/epan/dissectors/packet-sip.c
+++ b/epan/dissectors/packet-sip.c
@ -4337,7 +4337,8 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info
                                    }
                                    comma_offset++; /* skip comma */
                                }
-                                if ((authorization_info.response != NULL) && (global_sip_validate_authorization)) { /* If there is a response, check for valid credentials */
+                                if ((authorization_info.response != NULL) && (global_sip_validate_authorization) &&
+                                        (authorization_info.username != NULL) && (authorization_info.realm != NULL)) { /* If there is a response, check for valid credentials */
                                    authorization_user = sip_get_authorization(&authorization_info);
                                    if (authorization_user) {
                                        authorization_info.method = wmem_strdup(wmem_packet_scope(), stat_info->request_method);