Fix a buffer overflow in the PPP dissector. Try to fix uninitialized
variable warnings turned up by Valgrind. svn path=/trunk/; revision=23475
This commit is contained in:
parent
24d6a39eb0
commit
c2d537141a
|
@ -154,6 +154,18 @@ Wireshark Info
|
|||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
The PPP dissector could overflow a buffer.
|
||||
<!-- Fixed in r23475 -->
|
||||
<!-- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1926">1926</ulink>) -->
|
||||
</para>
|
||||
<para>Versions affected: 0.99.6</para>
|
||||
<para>
|
||||
<!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<!-- rtsp? -->
|
||||
</itemizedlist>
|
||||
|
||||
|
|
|
@ -510,6 +510,9 @@ decode_sse(proto_tree* ext_tree, tvbuff_t* tvb, int offset, size_t ext_len)
|
|||
if(msid_len > A11_MSG_MSID_ELEM_LEN_MAX)
|
||||
{
|
||||
p_msid = "MSID is too long";
|
||||
}else if(msid_len < 1)
|
||||
{
|
||||
p_msid = "MSID is too short";
|
||||
}else
|
||||
{
|
||||
/* Decode the BCD digits */
|
||||
|
|
|
@ -3182,7 +3182,7 @@ dissect_iphc_crtp_fh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
}
|
||||
|
||||
/* information field */
|
||||
tvb_ensure_bytes_exist (tvb, 0, length);
|
||||
tvb_ensure_bytes_exist (tvb, 0, hdr_len);
|
||||
ti = proto_tree_add_text(fh_tree, tvb, 0,length,"Information Field");
|
||||
info_tree = proto_item_add_subtree(ti,ett_iphc_crtp_info);
|
||||
|
||||
|
|
|
@ -5308,6 +5308,7 @@ dissect_rsvp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
msg_length = tvb_get_ntohs(tvb, 6);
|
||||
|
||||
rsvph = ep_alloc(sizeof(rsvp_conversation_info));
|
||||
rsvph->session_type = 0;
|
||||
|
||||
/* Copy over the source and destination addresses from the pinfo strucutre */
|
||||
SET_ADDRESS(&rsvph->source, pinfo->src.type, pinfo->src.len, pinfo->src.data);
|
||||
|
@ -5406,6 +5407,9 @@ dissect_rsvp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
break;
|
||||
default:
|
||||
/* This should never happen. */
|
||||
if (tree) {
|
||||
proto_tree_add_text(tree, tvb, 0, 0, "Unknown session type");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue