Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that we

could dereferene a NULL pointer if we had a corrupted Diameter dictionary. Additionally, it was possible to push an invalid input buffer onto the include stack. svn path=/trunk/; revision=37011
author: Gerald Combs <gerald@wireshark.org> 2011-05-06 19:39:47 +0000
committer: Gerald Combs <gerald@wireshark.org> 2011-05-06 19:39:47 +0000
commit: 89084852466dd2abcec94bf00e6a58d3d55e3abe (patch)
tree: 6eaf172f51470934c23e48a8a114dc5ee8f16f01 /epan/diam_dict.l
parent: 451e59c852cc2a6c0086bd04413d41cc2926d751 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/epan/diam_dict.l b/epan/diam_dict.l
index 4de9c88a9f..bdcfc2b8a5 100644
--- a/epan/diam_dict.l
+++ b/epan/diam_dict.l
@@ -269,9 +269,6 @@ description_attr description=\042
 		yyterminate();
 	}
 
-	include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
-
-
 	for (e = ents.next; e; e = e->next) {
 		if (strcmp(e->name,yytext) == 0) {
 			yyin = ddict_open(sys_dir,e->file);
@@ -282,6 +279,7 @@ description_attr description=\042
 					yyterminate();
 				}
 			} else {
+				include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
 				yy_switch_to_buffer(yy_create_buffer( yyin, YY_BUF_SIZE ) );
 				BEGIN LOADING;
 			}
@@ -290,7 +288,7 @@ description_attr description=\042
 	}
 
 	if (!e) {
-		fprintf(stderr, "Could not find entity: '%s'", e->name );
+		fprintf(stderr, "Could not find entity: '%s'\n", yytext );
 		yyterminate();
 	}
author	Gerald Combs <gerald@wireshark.org>	2011-05-06 19:39:47 +0000
committer	Gerald Combs <gerald@wireshark.org>	2011-05-06 19:39:47 +0000
commit	89084852466dd2abcec94bf00e6a58d3d55e3abe (patch)
tree	6eaf172f51470934c23e48a8a114dc5ee8f16f01 /epan/diam_dict.l
parent	451e59c852cc2a6c0086bd04413d41cc2926d751 (diff)