the t38 tap would only initialize the t38_info structure when called from UDP

and when called from TCP this pointer would be uninitialized and thus dump core when dereferenced.

at the same time remove the rotating buffers

this fixes bugs 498 and 501

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16117 f5534014-38df-0310-8fa8-9805f1628bb7

diff --git a/epan/dissectors/packet-t38.c b/epan/dissectors/packet-t38.c
index ab03a8a09042d5eb7340078eb559be97c4f5d0b0..f12022bb46f54b914988db47e6554d2683051e91 100644 (file)
--- a/epan/dissectors/packet-t38.c
+++ b/epan/dissectors/packet-t38.c
@@ -91,6 +91,8 @@ static gboolean dissect_possible_rtpv2_packets_as_rtp = FALSE;
 static gboolean t38_tpkt_reassembly = TRUE;
 
 
+static t38_packet_info *t38_info=NULL;
+
 /* Preference setting whether TPKT header is used when sending T.38 over TCP.
  * The default setting is Maybe where the dissector will look on the first
  * bytes to try to determine whether TPKT header is used or not. This may not
@@ -174,13 +176,6 @@ static void show_setup_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 /* Preferences bool to control whether or not setup info should be shown */
 static gboolean global_t38_show_setup_info = TRUE;
 
-/* Can tap up to 4 T38 packets within same packet */
-/* We only tap the primary part, not the redundancy */
-#define MAX_T38_MESSAGES_IN_PACKET 4
-static t38_packet_info t38_info_arr[MAX_T38_MESSAGES_IN_PACKET];
-static int t38_info_current=0;
-static t38_packet_info *t38_info=NULL;
-
 /* Set up an T38 conversation */
 void t38_add_address(packet_info *pinfo,
                      address *addr, int port,
@@ -797,23 +792,8 @@ dissect_t38_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
        guint32 offset=0;
        int i;
 
-       /*
-        * XXX - heuristic to check for misidentified packets.
-        */
-       if(dissect_possible_rtpv2_packets_as_rtp){
-               octet1 = tvb_get_guint8( tvb, offset );
-               if(RTP_VERSION(octet1) == 2){
-                       call_dissector(rtp_handle,tvb,pinfo,tree);
-                       return;
-               }
-       }
-
        /* tap info */
-       t38_info_current++;
-       if (t38_info_current==MAX_T38_MESSAGES_IN_PACKET) {
-               t38_info_current=0;
-       }
-       t38_info = &t38_info_arr[t38_info_current];
+       t38_info = ep_alloc(sizeof(t38_packet_info));
 
        t38_info->seq_num = 0;
        t38_info->type_msg = 0;
@@ -827,6 +807,18 @@ dissect_t38_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
                t38_info->data_len[i] = 0;
        }
 
+
+       /*
+        * XXX - heuristic to check for misidentified packets.
+        */
+       if(dissect_possible_rtpv2_packets_as_rtp){
+               octet1 = tvb_get_guint8( tvb, offset );
+               if(RTP_VERSION(octet1) == 2){
+                       call_dissector(rtp_handle,tvb,pinfo,tree);
+                       return;
+               }
+       }
+
        if (check_col(pinfo->cinfo, COL_PROTOCOL)){
                col_set_str(pinfo->cinfo, COL_PROTOCOL, "T.38");
        }
@@ -885,6 +877,23 @@ dissect_t38_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
        proto_tree *tr;
        guint32 offset=0;
        guint16 ifp_packet_number=1;
+       int i;
+
+       /* tap info */
+       t38_info = ep_alloc(sizeof(t38_packet_info));
+
+       t38_info->seq_num = 0;
+       t38_info->type_msg = 0;
+       t38_info->data_value = 0;
+       t38_info->t30ind_value =0;
+
+       t38_info->t38_info_data_item_index = 0;
+       for (i=0; i<MAX_T38_DATA_ITEMS; i++) {
+               t38_info->data_type[i] = 0;
+               t38_info->data[i] = NULL;
+               t38_info->data_len[i] = 0;
+       }
+
 
        if (check_col(pinfo->cinfo, COL_PROTOCOL)){
                col_set_str(pinfo->cinfo, COL_PROTOCOL, "T.38");