diff options
author | Evan Huus <eapache@gmail.com> | 2015-04-16 07:36:46 -0400 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2015-04-16 22:40:35 +0000 |
commit | 8825b553038c007bf8cf8f1d53dd62b13b3feb6a (patch) | |
tree | a523bf6699f704d9005d84fdb5af8e5fd23a6b55 /epan/dissectors/packet-giop.c | |
parent | 32bbe0af235ba1fdb450a9850a92c2e8b0fa7b1e (diff) |
giop: fix uninitialized use of request id
Move the req_id field to the "message-dependent data" section of the header
struct, since in the spec I found it is not specified in the common GIOP header
(even though it appears to be present in all message types). Regardless, this
better reflects the fact that it is not initialized by the primary tvb_memcpy,
only the independent fields are.
Initialize it and use it rather than creating a local for no reason; fixes the
possibility of using it uninitialized.
Bug: 11123
Change-Id: I3bae1df5123fbb1f2b86f7c42cee392b5b045c4f
Reviewed-on: https://code.wireshark.org/review/8087
Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-giop.c')
-rw-r--r-- | epan/dissectors/packet-giop.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/epan/dissectors/packet-giop.c b/epan/dissectors/packet-giop.c index a127d8fc60..d3f5e24b80 100644 --- a/epan/dissectors/packet-giop.c +++ b/epan/dissectors/packet-giop.c @@ -4830,17 +4830,16 @@ static int dissect_giop_common (tvbuff_t * tvb, packet_info * pinfo, proto_tree fragment_head *fd_head = NULL; tvbuff_t *reassembled_tvb; guint frag_offset = 0; - int request_id; /* request id is the first 4 bytes */ - request_id = get_CDR_ulong(payload_tvb, &frag_offset, stream_is_big_endian, GIOP_HEADER_SIZE); + header.req_id = get_CDR_ulong(payload_tvb, &frag_offset, stream_is_big_endian, GIOP_HEADER_SIZE); if(header.message_type != Fragment) frag_offset = 0; /* Maintain the request id for everything but fragments */ fd_head = fragment_add_seq_next(&giop_reassembly_table, payload_tvb, frag_offset, pinfo, - request_id, NULL, + header.req_id, NULL, tvb_captured_length_remaining(payload_tvb, frag_offset), header.flags & GIOP_MESSAGE_FLAGS_FRAGMENT); |