IDMP: Fix a string allocation.

protocolID is packet scoped, so it can lead to hilarity if we add it to
the ROS dissector's epan scoped wmem_map. Add an epan-scoped copy of
protocolID instead. Blind attempt at fixing #16342.
Gerald Combs 2021-10-04 17:16:28 -07:00 committed by Wireshark GitLab Utility
parent f9ac0f40f7
commit f51510f401
3 changed files with 16 additions and 12 deletions


@ -35,6 +35,9 @@ IdmResult/invokeID ABBREV=idmResult.invokeID
#.FN_PARS OBJECT_IDENTIFIER FN_VARIANT = _str VAL_PTR = &protocolID
#.FN_FTR IdmBind
saved_protocolID = wmem_strdup(wmem_epan_scope(), protocolID);
#.END
#.FN_BODY IdmBindResult/result
struct SESSION_DATA_STRUCTURE *session = (struct SESSION_DATA_STRUCTURE*)actx->private_data;
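Review bot: The `#.FN_FTR IdmBind` footer makes a fresh epan-scoped copy for every IdmBind that is dissected, and nothing visible here releases the previous copy, so a capture with many binds (or repeated dissection passes over the same packets) keeps growing memory that lives until epan teardown. It also copies whatever `protocolID` currently points to, and the visible lines reset that packet-scoped pointer only in `idmp_reassemble_cleanup`, so a Bind that reaches the footer without its OID being decoded would presumably copy a pointer left over from an earlier packet; this needs confirming against the generated code. I would clear `protocolID` before the sequence is decoded and guard the copy with `if (protocolID && (!saved_protocolID || strcmp(saved_protocolID, protocolID) != 0))`, plus a comment that the footer runs once per dissected Bind. The generated `dissect_idmp_IdmBind` in packet-idmp.c carries the same line.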


@ -100,14 +100,14 @@ static int call_idmp_oid_callback(tvbuff_t *tvb, int offset, packet_info *pinfo,
{
if(session != NULL) {
if((!saved_protocolID) && (op == (ROS_OP_BIND | ROS_OP_RESULT))) {
/* save for subsequent operations - should be into session data */
saved_protocolID = wmem_strdup(wmem_file_scope(), protocolID);
/* XXX saved_protocolID should be part of session data */
if (!saved_protocolID) {
saved_protocolID = "[ unknown ]";
}
/* mimic ROS! */
session->ros_op = op;
offset = call_ros_oid_callback(saved_protocolID ? saved_protocolID : protocolID, tvb, offset, pinfo, tree, session);
offset = call_ros_oid_callback(saved_protocolID, tvb, offset, pinfo, tree, session);
}
return offset;
@ -234,8 +234,8 @@ static int dissect_idmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *paren
static void idmp_reassemble_cleanup(void)
{
protocolID = NULL;
saved_protocolID = NULL;
protocolID = NULL; // packet scoped
saved_protocolID = NULL; // epan scoped copy of protocolID
opcode = -1;
}
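Review bot: In `call_idmp_oid_callback` the fallback writes the string literal `"[ unknown ]"` into `saved_protocolID`, the same global that otherwise holds the epan-scoped copy, so the pointer now has two kinds of ownership and the placeholder stays latched for every later operation until another Bind or `idmp_reassemble_cleanup` replaces it. Keeping the placeholder local avoids both: `const char *oid = saved_protocolID ? saved_protocolID : "[ unknown ]";` followed by `offset = call_ros_oid_callback(oid, tvb, offset, pinfo, tree, session);`. In `idmp_reassemble_cleanup`, the comment on `saved_protocolID = NULL;` could state that only the pointer is dropped and the epan-scoped allocation itself is not released there. The function body starts outside the first hunk, and the generated packet-idmp.c repeats both hunks.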


@ -108,14 +108,14 @@ static int call_idmp_oid_callback(tvbuff_t *tvb, int offset, packet_info *pinfo,
{
if(session != NULL) {
if((!saved_protocolID) && (op == (ROS_OP_BIND | ROS_OP_RESULT))) {
/* save for subsequent operations - should be into session data */
saved_protocolID = wmem_strdup(wmem_file_scope(), protocolID);
/* XXX saved_protocolID should be part of session data */
if (!saved_protocolID) {
saved_protocolID = "[ unknown ]";
}
/* mimic ROS! */
session->ros_op = op;
offset = call_ros_oid_callback(saved_protocolID ? saved_protocolID : protocolID, tvb, offset, pinfo, tree, session);
offset = call_ros_oid_callback(saved_protocolID, tvb, offset, pinfo, tree, session);
}
return offset;
@ -218,6 +218,7 @@ dissect_idmp_IdmBind(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
IdmBind_sequence, hf_index, ett_idmp_IdmBind);
saved_protocolID = wmem_strdup(wmem_epan_scope(), protocolID);
return offset;
}
@ -720,8 +721,8 @@ static int dissect_idmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *paren
static void idmp_reassemble_cleanup(void)
{
protocolID = NULL;
saved_protocolID = NULL;
protocolID = NULL; // packet scoped
saved_protocolID = NULL; // epan scoped copy of protocolID
opcode = -1;
}