giop: fix uninitialized use of request id

Move the req_id field to the "message-dependent data" section of the header struct, since in the spec I found it is not specified in the common GIOP header (even though it appears to be present in all message types). Regardless, this better reflects the fact that it is not initialized by the primary tvb_memcpy, only the independent fields are. Initialize it and use it rather than creating a local for no reason; fixes the possibility of using it uninitialized. Bug: 11123 Change-Id: I3bae1df5123fbb1f2b86f7c42cee392b5b045c4f Reviewed-on: https://code.wireshark.org/review/8087 Reviewed-by: Evan Huus <eapache@gmail.com>
2015-04-16 07:36:46 -04:00 · 2015-04-16 07:36:46 -04:00 · 8825b55303
parent 32bbe0af23
commit 8825b55303
2 changed files with 3 additions and 4 deletions
--- a/epan/dissectors/packet-giop.c
+++ b/epan/dissectors/packet-giop.c
@ -4830,17 +4830,16 @@ static int dissect_giop_common (tvbuff_t * tvb, packet_info * pinfo, proto_tree
    fragment_head *fd_head = NULL;
    tvbuff_t      *reassembled_tvb;
    guint frag_offset = 0;
-    int request_id;

    /* request id is the first 4 bytes */
-    request_id = get_CDR_ulong(payload_tvb, &frag_offset, stream_is_big_endian, GIOP_HEADER_SIZE);
+    header.req_id = get_CDR_ulong(payload_tvb, &frag_offset, stream_is_big_endian, GIOP_HEADER_SIZE);

    if(header.message_type != Fragment)
      frag_offset = 0; /* Maintain the request id for everything but fragments */

    fd_head = fragment_add_seq_next(&giop_reassembly_table,
                                    payload_tvb, frag_offset, pinfo,
-                                    request_id, NULL,
+                                    header.req_id, NULL,
                                    tvb_captured_length_remaining(payload_tvb, frag_offset),
                                    header.flags & GIOP_MESSAGE_FLAGS_FRAGMENT);

--- a/epan/dissectors/packet-giop.h
+++ b/epan/dissectors/packet-giop.h
@ -56,10 +56,10 @@ typedef struct MessageHeader {
  guint8 flags;			/* byte_order in 1.0 */
  guint8 message_type;
  guint32 message_size;
-  guint32 req_id;               /* request id in MSG  */

  /* MSG dependant data */

+  guint32 req_id;               /* request id in MSG  */
  guint32 rep_status;           /* reply status in MSG if available */
  gchar *exception_id;             /* exception string if a USER EXCEPTION occurs  */