Don't dereference a null pointer. Fixes bug 651. Update the release notes

accordingly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16967 f5534014-38df-0310-8fa8-9805f1628bb7

diff --git a/asn1/h248/packet-h248-template.c b/asn1/h248/packet-h248-template.c
index 98cec4e6f11fbada1260c052f3eb80b8af85e041..18da5ffbc065300ff1af09254363dff1130c6582 100644 (file)
--- a/asn1/h248/packet-h248-template.c
+++ b/asn1/h248/packet-h248-template.c
@@ -1189,7 +1189,7 @@ static h248_trx_t* h248_trx(h248_msg_t* m ,guint32 t_id , h248_trx_type_t type)
         if (m->commited) {
             
             for ( trxmsg = m->trxs; trxmsg; trxmsg = trxmsg->next) {
-                if (trxmsg->trx->id == t_id) {
+                if (trxmsg->trx && trxmsg->trx->id == t_id) {
                     return trxmsg->trx;
                 }
             }
@@ -1390,6 +1390,7 @@ static h248_cmd_t* h248_cmd(h248_msg_t* m, h248_trx_t* t, h248_ctx_t* c, h248_cm
     cmdctx->last = cmdtrx->last = NULL;
     
     if (t->cmds) {
+        DISSECTOR_ASSERT(t->cmds->last != NULL);
         t->cmds->last->next = cmdtrx;
         t->cmds->last = cmdtrx;
     } else {
@@ -1398,6 +1399,7 @@ static h248_cmd_t* h248_cmd(h248_msg_t* m, h248_trx_t* t, h248_ctx_t* c, h248_cm
     }
 
     if (c->cmds) {
+        DISSECTOR_ASSERT(c->cmds->last != NULL);
         c->cmds->last->next = cmdctx;
         c->cmds->last = cmdctx;
     } else {

diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml
index 87001f7feb1eefc82421c4046fed41571ce9e1d2..b0be1fedbbb6911411083a355fb562cfaa752d5b 100644 (file)
--- a/docbook/release-notes.xml
+++ b/docbook/release-notes.xml
@@ -20,7 +20,7 @@ DOCUMENT SECTION
 <!--
 Ethereal Info
 -->
-  <!ENTITY EtherealCurrentVersion "0.10.14">
+  <!ENTITY EtherealCurrentVersion "0.10.15">
   <!ENTITY EtherealWebSite "http://www.ethereal.com">
   <!ENTITY EtherealUsersGuidePage "&EtherealWebSite;/docs/#usersguide">
   <!ENTITY EtherealDownloadPage "&EtherealWebSite;/download.html">
@@ -74,27 +74,10 @@ Gnu info
       <itemizedlist>
 
         <listitem><para>
-         The IRC dissector could go into an infinite loop.
-         <!-- Fixed in r16290 -->
-         <!-- Bug IDs: 548 -->
-          <!-- CVE: CVE-2005-3313 -->
-         Versions affected: 0.10.13.
-        </para></listitem>
-
-        <listitem><para>
-         The GTP dissector could go into an infinite loop.
-         <!-- Fixed in r16436 -->
-         <!-- Bug IDs: 576 -->
-          <!-- CVE: None -->
-         Versions affected: 0.9.1 to 0.10.13.
-        </para></listitem>
-
-        <listitem><para>
-         iDefense found a buffer overflow in the OSPF dissector.
-         <!-- Fixed in r16507 -->
-         <!-- Bug IDs: None -->
-          <!-- CVE: CAN-2005-3651 -->
-         Versions affected: 0.8.20 to 0.10.13.
+         The H.248 dissector could crash.
+         <!-- Fixed in r16967 -->
+         <!-- Bug IDs: 651 -->
+         Versions affected: 0.10.14.
         </para></listitem>
 
       </itemizedlist>
@@ -108,15 +91,6 @@ Gnu info
 
       <itemizedlist>
         <listitem><para>
-               When cancelling a file load operation, Ethereal will keep
-               displaying the loaded packets now, instead of simply discarding the 
-               whole load attempt. 
-               </para>
-               <para>
-               This can be very helpful to detect wether a specific (huge) capture 
-               file is the expected file or not. Remember: 
-               The complete load of a huge capture file (>100MB) can take even 
-               minutes!
         </para></listitem>
       </itemizedlist>
     </para>

diff --git a/epan/dissectors/packet-h248.c b/epan/dissectors/packet-h248.c
index 476a6a7c3efd3e8d0cca1382ab0b2c5f4e93305c..b970c4b6eb8ceb759affae622203539ba99b737e 100644 (file)
--- a/epan/dissectors/packet-h248.c
+++ b/epan/dissectors/packet-h248.c
@@ -1595,7 +1595,7 @@ static h248_trx_t* h248_trx(h248_msg_t* m ,guint32 t_id , h248_trx_type_t type)
         if (m->commited) {
             
             for ( trxmsg = m->trxs; trxmsg; trxmsg = trxmsg->next) {
-                if (trxmsg->trx->id == t_id) {
+                if (trxmsg->trx && trxmsg->trx->id == t_id) {
                     return trxmsg->trx;
                 }
             }
@@ -1796,6 +1796,7 @@ static h248_cmd_t* h248_cmd(h248_msg_t* m, h248_trx_t* t, h248_ctx_t* c, h248_cm
     cmdctx->last = cmdtrx->last = NULL;
     
     if (t->cmds) {
+        DISSECTOR_ASSERT(t->cmds->last != NULL);
         t->cmds->last->next = cmdtrx;
         t->cmds->last = cmdtrx;
     } else {
@@ -1804,6 +1805,7 @@ static h248_cmd_t* h248_cmd(h248_msg_t* m, h248_trx_t* t, h248_ctx_t* c, h248_cm
     }
 
     if (c->cmds) {
+        DISSECTOR_ASSERT(c->cmds->last != NULL);
         c->cmds->last->next = cmdctx;
         c->cmds->last = cmdctx;
     } else {
@@ -5781,7 +5783,7 @@ dissect_h248_MegacoMessage(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset,
 
 
 /*--- End of included file: packet-h248-fn.c ---*/
-#line 1761 "packet-h248-template.c"
+#line 1763 "packet-h248-template.c"
 
 static void
 dissect_h248(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
@@ -7080,7 +7082,7 @@ void proto_register_h248(void) {
         "", HFILL }},
 
 /*--- End of included file: packet-h248-hfarr.c ---*/
-#line 2019 "packet-h248-template.c"
+#line 2021 "packet-h248-template.c"
 
   { &hf_h248_ctx, { "Context", "h248.ctx", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
   { &hf_h248_ctx_term, { "Termination", "h248.ctx.term", FT_STRING, BASE_NONE, NULL, 0, "", HFILL }},
@@ -7235,7 +7237,7 @@ void proto_register_h248(void) {
     &ett_h248_Value,
 
 /*--- End of included file: packet-h248-ettarr.c ---*/
-#line 2041 "packet-h248-template.c"
+#line 2043 "packet-h248-template.c"
   };
   
   module_t *h248_module;