git.samba.org / metze / wireshark / wip.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ede3cde) | patch
rnsap: fix use-after-free of "obj_id"
authorPeter Wu <peter@lekensteyn.nl>
Fri, 18 May 2018 22:27:51 +0000 (00:27 +0200)
committerPeter Wu <peter@lekensteyn.nl>
Tue, 22 May 2018 09:39:41 +0000 (09:39 +0000)
commit8fdaeb80e81dca1cd7c6af3fba8648b664fb7141
tree54df9f78d9e283681af9d713073882edddb1430atree
parentede3cdeec9dbe8219c707ec080eb6581fad3be4ecommit | diff
rnsap: fix use-after-free of "obj_id"

dissect_PrivateIEFieldValue could use "obj_id" after it was freed. Use
per-packet info instead of globals to avoid such dangling pointers and
erase any previous state to avoid interference in the same packet.

Change-Id: I7376210ef02a8e781b5a34858ae47d2254c74948
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4311
Reviewed-on: https://code.wireshark.org/review/27650
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Darien Spencer <cusneud@mail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
epan/dissectors/asn1/rnsap/packet-rnsap-template.c diff | blob | history
epan/dissectors/asn1/rnsap/rnsap.cnf diff | blob | history
epan/dissectors/packet-rnsap.c diff | blob | history
Unnamed repository; edit this file to name it for gitweb.