Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that we

could dereference a NULL pointer if we had a corrupted Diameter
dictionary.

Additionally, it was possible to push an invalid input buffer onto the
include stack.

svn path=/trunk/; revision=37011
Gerald Combs 2011-05-06 19:39:47 +00:00
parent 451e59c852
commit 8908485246
1 changed files with 2 additions and 4 deletions


@ -269,9 +269,6 @@ description_attr description=\042
yyterminate();
}
include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
for (e = ents.next; e; e = e->next) {
if (strcmp(e->name,yytext) == 0) {
yyin = ddict_open(sys_dir,e->file);
@ -282,6 +279,7 @@ description_attr description=\042
yyterminate();
}
} else {
include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
yy_switch_to_buffer(yy_create_buffer( yyin, YY_BUF_SIZE ) );
BEGIN LOADING;
}
@ -290,7 +288,7 @@ description_attr description=\042
}
if (!e) {
fprintf(stderr, "Could not find entity: '%s'", e->name );
fprintf(stderr, "Could not find entity: '%s'\n", yytext );
yyterminate();
}
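Review bot: `yyin = ddict_open(sys_dir,e->file);` at the end of the first hunk still overwrites the scanner's global input before the open is known to have succeeded, so a failed open leaves `yyin` NULL while the current buffer stays active. The nested block around the `yyterminate()` at the top of the second hunk suggests a failure path that does not terminate, though its condition is outside the visible lines; if that is the case, scanning continues with a NULL `yyin`. Opening into a local, `FILE *fp = ddict_open(sys_dir, e->file);`, and assigning `yyin = fp;` only in the `else` branch next to the push would keep the scanner state valid on every failure path. The bound check that guards `include_stack[include_stack_ptr++]` is also outside these hunks; now that the push has moved away from it, a one-line comment at the push naming that guard would help the next reader confirm the index cannot run past the array.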