forked from osmocom/wireshark
ZigBee: fix buffer overrun in zbee_sec_add_key_to_keyring
"key" is a guint8 array of ZBEE_APS_CMD_KEY_LENGTH, compare its value and not the pointer. Bug: 14070 Change-Id: I8add2bbcc04f9bbbc9502a07aa34d35b5a67e1c1 Fixes: v2.5.0rc0-1007-gf63fc33362 ("ZigBee: implemented a dissector for ZBOSS key dump") Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3408 Reviewed-on: https://code.wireshark.org/review/23588 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
parent
8dbb21dfde
commit
b40ad7c2ff
|
@ -1250,7 +1250,7 @@ void zbee_sec_add_key_to_keyring(packet_info *pinfo, const guint8 *key)
|
|||
|
||||
if ( nwk_keyring ) {
|
||||
if ( !*nwk_keyring ||
|
||||
memcmp( ((key_record_t *)((GSList *)(*nwk_keyring))->data)->key, &key,
|
||||
memcmp( ((key_record_t *)((GSList *)(*nwk_keyring))->data)->key, key,
|
||||
ZBEE_APS_CMD_KEY_LENGTH) ) {
|
||||
/* Store a new or different key in the key ring */
|
||||
key_record.frame_num = pinfo->num;
|
||||
|
|
Loading…
Reference in New Issue