RPC: fix crash when using "Dissect unknown RPC program numbers" option
When using this option, rpc_prog_info_value structure is not fully initialized. Depending on the memory allocator used, this can lead to a NULL pointer dereference or an access to a random memory block. Ensure that the structure is fully initialized and test the pointer before dereferencing it. Bug: 13266 Change-Id: Ifdc54b31c8dd3b2b6220dbe9ee27272758ff60ca Reviewed-on: https://code.wireshark.org/review/19385 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
parent
541beaad6e
commit
8c70558d16
|
@ -2083,9 +2083,7 @@ looks_like_rpc_call(tvbuff_t *tvb, int offset)
|
|||
if (version > 10)
|
||||
return NULL;
|
||||
|
||||
rpc_prog = wmem_new(wmem_packet_scope(), rpc_prog_info_value);
|
||||
rpc_prog->proto = NULL;
|
||||
rpc_prog->proto_id = 0;
|
||||
rpc_prog = wmem_new0(wmem_packet_scope(), rpc_prog_info_value);
|
||||
rpc_prog->ett = ett_rpc_unknown_program;
|
||||
rpc_prog->progname = wmem_strdup_printf(wmem_packet_scope(), "Unknown RPC program %u", rpc_prog_key);
|
||||
}
|
||||
|
@ -2847,7 +2845,7 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
tmp_item=proto_tree_add_uint(ptree,
|
||||
hf_rpc_programversion, tvb, 0, 0, vers);
|
||||
PROTO_ITEM_SET_GENERATED(tmp_item);
|
||||
if (rpc_prog && (rpc_prog->procedure_hfs->len > vers) )
|
||||
if (rpc_prog && rpc_prog->procedure_hfs && (rpc_prog->procedure_hfs->len > vers) )
|
||||
procedure_hf = g_array_index(rpc_prog->procedure_hfs, int, vers);
|
||||
else {
|
||||
/*
|
||||
|
|
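Review bot: The NULL test added to the condition in dissect_rpc_message guards only this one read of `rpc_prog->procedure_hfs`, while the `wmem_new0` entry built in the first hunk now leaves `proto`, `proto_id` and `procedure_hfs` zeroed for every unknown program. Any other dereference of those fields on a packet-driven path would still crash on that entry; none is visible in these hunks, so the rest of the file needs checking. I would record the contract at the allocation with a comment such as `/* unknown program: proto and procedure_hfs stay NULL, proto_id stays 0; readers must check before dereferencing */`. Because `vers` appears to be derived from packet data, the `len > vers` bound in the same condition is what keeps `g_array_index` in range and should stay paired with the NULL test if the condition is ever refactored. Both enclosing functions start and end outside the hunks.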