diff options
| author | Anish Bhatt <anish@chelsio.com> | 2015-12-12 13:54:29 -0800 |
|---|---|---|
| committer | Michael Mann <mmann78@netscape.net> | 2015-12-13 12:55:13 +0000 |
| commit | 23379ae3624df82c170f48e5bb3250a97ec61c13 (patch) | |
| tree | c33de4a62e4fc7df00d262ba79b915742797a571 /epan | |
| parent | 4e43fc490a23086848011fd94b276949b9bfdf71 (diff) | |
NBAP : Verify conversation proto data exists before trying to access it
Bug 11841
Change-Id: Ic0dea6491a68a042ddc0f2dbee19739e4568b18c
Reviewed-on: https://code.wireshark.org/review/12576
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-nbap.c | 69 |
1 files changed, 36 insertions, 33 deletions
diff --git a/epan/dissectors/packet-nbap.c b/epan/dissectors/packet-nbap.c index 1792f4a9e5..fe8838baa7 100644 --- a/epan/dissectors/packet-nbap.c +++ b/epan/dissectors/packet-nbap.c @@ -10027,7 +10027,7 @@ dissect_nbap_AddorDeleteIndicator(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t static int dissect_nbap_CFN(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2148 "../../asn1/nbap/nbap.cnf" +#line 2151 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, 255U, &cfn, FALSE); @@ -10280,7 +10280,7 @@ dissect_nbap_AvailabilityStatus(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *a static int dissect_nbap_HSDSCH_RNTI(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2113 "../../asn1/nbap/nbap.cnf" +#line 2116 "../../asn1/nbap/nbap.cnf" umts_fp_conversation_info_t *umts_fp_conversation_info = NULL; address null_addr; conversation_t *conversation = NULL; @@ -11502,7 +11502,7 @@ dissect_nbap_Common_E_DCH_Resource_Combination_InfoList(tvbuff_t *tvb _U_, int o static int dissect_nbap_Common_MACFlow_ID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1972 "../../asn1/nbap/nbap.cnf" +#line 1975 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, maxNrOfCommonMACFlows_1, &common_macdflow_id, FALSE); @@ -11636,7 +11636,7 @@ dissect_nbap_E_DCH_MACdFlow_Multiplexing_List(tvbuff_t *tvb _U_, int offset _U_, static int dissect_nbap_LogicalChannelID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1626 "../../asn1/nbap/nbap.cnf" +#line 1629 "../../asn1/nbap/nbap.cnf" /* Set logical channel id for this entry*/ offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 1U, 15U, &logical_channel_id, FALSE); @@ -11654,7 +11654,7 @@ dissect_nbap_LogicalChannelID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *act static int dissect_nbap_MAC_PDU_SizeExtended(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1728 "../../asn1/nbap/nbap.cnf" +#line 1731 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 1U, 1504U, NULL, TRUE); @@ -12077,7 +12077,7 @@ static const per_sequence_t CommonMACFlow_Specific_InfoItem_sequence[] = { static int dissect_nbap_CommonMACFlow_Specific_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1979 "../../asn1/nbap/nbap.cnf" +#line 1982 "../../asn1/nbap/nbap.cnf" address dst_addr; transportLayerAddress_ipv4 = 0; BindingID_port = 0; @@ -12122,7 +12122,7 @@ dissect_nbap_CommonMACFlow_Specific_InfoList(tvbuff_t *tvb _U_, int offset _U_, static int dissect_nbap_MACdPDU_Size(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1616 "../../asn1/nbap/nbap.cnf" +#line 1619 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 1U, 5000U, &MACdPDU_Size, TRUE); @@ -13343,7 +13343,7 @@ dissect_nbap_CriticalityDiagnostics(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_ static int dissect_nbap_CRNC_CommunicationContextID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2087 "../../asn1/nbap/nbap.cnf" +#line 2090 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, 1048575U, &com_context_id, FALSE); @@ -18027,7 +18027,7 @@ dissect_nbap_E_DCH_HARQ_Combining_Capability(tvbuff_t *tvb _U_, int offset _U_, static int dissect_nbap_E_DCH_DDI_Value(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1605 "../../asn1/nbap/nbap.cnf" +#line 1608 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, 62U, &e_dch_ddi_value, FALSE); @@ -18162,7 +18162,7 @@ static const per_sequence_t E_DCH_LogicalChannelInformationItem_sequence[] = { static int dissect_nbap_E_DCH_LogicalChannelInformationItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1602 "../../asn1/nbap/nbap.cnf" +#line 1605 "../../asn1/nbap/nbap.cnf" num_items++; @@ -18179,7 +18179,7 @@ static const per_sequence_t E_DCH_LogicalChannelInformation_sequence_of[1] = { static int dissect_nbap_E_DCH_LogicalChannelInformation(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1595 "../../asn1/nbap/nbap.cnf" +#line 1598 "../../asn1/nbap/nbap.cnf" num_items = 0; offset = dissect_per_constrained_sequence_of(tvb, offset, actx, tree, hf_index, @@ -18395,7 +18395,7 @@ static const per_sequence_t E_DCH_LogicalChannelToModifyItem_sequence[] = { static int dissect_nbap_E_DCH_LogicalChannelToModifyItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1590 "../../asn1/nbap/nbap.cnf" +#line 1593 "../../asn1/nbap/nbap.cnf" offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index, ett_nbap_E_DCH_LogicalChannelToModifyItem, E_DCH_LogicalChannelToModifyItem_sequence); @@ -18470,7 +18470,7 @@ static const per_sequence_t E_DCH_MACdFlow_Specific_InfoItem_to_Modify_sequence[ static int dissect_nbap_E_DCH_MACdFlow_Specific_InfoItem_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1498 "../../asn1/nbap/nbap.cnf" +#line 1501 "../../asn1/nbap/nbap.cnf" guint32 no_ddi_entries, i; address null_addr; nbap_edch_port_info_t *old_info; @@ -18617,6 +18617,7 @@ dissect_nbap_E_DCH_FDD_Information_to_Modify(tvbuff_t *tvb _U_, int offset _U_, address dst_addr, null_addr; conversation_t *conversation,*old_conversation = NULL; umts_fp_conversation_info_t *umts_fp_conversation_info _U_; +void *conv_proto_data = NULL; transportLayerAddress_ipv4 = 0; BindingID_port = 0; @@ -18663,9 +18664,11 @@ BindingID_port = 0; if(actx->pinfo->link_dir==P2P_DIR_DL){ umts_fp_conversation_info = wmem_new0(wmem_file_scope(), umts_fp_conversation_info_t); /* Steal the old information */ - if (old_conversation) - memcpy(umts_fp_conversation_info,conversation_get_proto_data(old_conversation, proto_fp),sizeof(umts_fp_conversation_info_t)); - + if (old_conversation) { + conv_proto_data = conversation_get_proto_data(old_conversation, proto_fp); + if (conv_proto_data) + memcpy(umts_fp_conversation_info,conv_proto_data,sizeof(umts_fp_conversation_info_t)); + } /* Overwrite the data */ umts_fp_conversation_info->iface_type = IuB_Interface; umts_fp_conversation_info->division = Division_FDD; @@ -23305,7 +23308,7 @@ static const per_sequence_t HSDSCH_Common_System_InformationFDD_sequence[] = { static int dissect_nbap_HSDSCH_Common_System_InformationFDD(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1999 "../../asn1/nbap/nbap.cnf" +#line 2002 "../../asn1/nbap/nbap.cnf" /* * 5.1.6 High Speed Downlink Shared Channels * The Data Transfer procedure is used to transfer a HS-DSCH DATA FRAME (TYPE 1, TYPE 2 [FDD and 1.28Mcps @@ -23466,7 +23469,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InfoItem_sequence[] = { static int dissect_nbap_HSDSCH_MACdFlow_Specific_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1706 "../../asn1/nbap/nbap.cnf" +#line 1709 "../../asn1/nbap/nbap.cnf" address dst_addr; @@ -23569,7 +23572,7 @@ static const value_string nbap_RLC_Mode_vals[] = { static int dissect_nbap_RLC_Mode(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1633 "../../asn1/nbap/nbap.cnf" +#line 1636 "../../asn1/nbap/nbap.cnf" guint32 rlc_mode; offset = dissect_per_enumerated(tvb, offset, actx, tree, hf_index, @@ -23610,7 +23613,7 @@ static const per_sequence_t PriorityQueue_InfoItem_sequence[] = { static int dissect_nbap_PriorityQueue_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1697 "../../asn1/nbap/nbap.cnf" +#line 1700 "../../asn1/nbap/nbap.cnf" num_items++; @@ -23644,7 +23647,7 @@ static const per_sequence_t HSDSCH_MACdFlows_Information_sequence[] = { static int dissect_nbap_HSDSCH_MACdFlows_Information(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1657 "../../asn1/nbap/nbap.cnf" +#line 1660 "../../asn1/nbap/nbap.cnf" int protocol_ie_id; guint32 i; @@ -23688,7 +23691,7 @@ dissect_nbap_HSDSCH_MACdFlows_Information(tvbuff_t *tvb _U_, int offset _U_, asn static int dissect_nbap_T_hSDSCH_Physical_Layer_Category(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1650 "../../asn1/nbap/nbap.cnf" +#line 1653 "../../asn1/nbap/nbap.cnf" guint32 hsdsch_physical_layer_category; offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, @@ -23756,7 +23759,7 @@ static const per_sequence_t HSDSCH_FDD_Information_sequence[] = { static int dissect_nbap_HSDSCH_FDD_Information(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1758 "../../asn1/nbap/nbap.cnf" +#line 1761 "../../asn1/nbap/nbap.cnf" /* * Collect the information about the HSDSCH MACdFlows set up conversation(s) and set the conversation data. */ @@ -23893,7 +23896,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InfoItem_to_Modify_sequence static int dissect_nbap_HSDSCH_MACdFlow_Specific_InfoItem_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1847 "../../asn1/nbap/nbap.cnf" +#line 1850 "../../asn1/nbap/nbap.cnf" address dst_addr; transportLayerAddress_ipv4 = 0; BindingID_port = 0; @@ -23951,7 +23954,7 @@ static const per_sequence_t PriorityQueue_InfoItem_to_Add_sequence[] = { static int dissect_nbap_PriorityQueue_InfoItem_to_Add(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1700 "../../asn1/nbap/nbap.cnf" +#line 1703 "../../asn1/nbap/nbap.cnf" num_items = 1; @@ -24086,7 +24089,7 @@ static const per_sequence_t HSDSCH_Information_to_Modify_sequence[] = { static int dissect_nbap_HSDSCH_Information_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1867 "../../asn1/nbap/nbap.cnf" +#line 1870 "../../asn1/nbap/nbap.cnf" /* * This is pretty much the same like if we setup a previous flow */ @@ -24208,7 +24211,7 @@ static const value_string nbap_HSDSCH_MACdPDUSizeFormat_vals[] = { static int dissect_nbap_HSDSCH_MACdPDUSizeFormat(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1735 "../../asn1/nbap/nbap.cnf" +#line 1738 "../../asn1/nbap/nbap.cnf" /* * Removed 10 Aug. 2012, I'm not sure if this was right, it wrongfully * set some packets as type 2 for HSDHCH modified items. @@ -24319,7 +24322,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InformationResp_Item_sequen static int dissect_nbap_HSDSCH_MACdFlow_Specific_InformationResp_Item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1703 "../../asn1/nbap/nbap.cnf" +#line 1706 "../../asn1/nbap/nbap.cnf" num_items++; @@ -24735,7 +24738,7 @@ static const per_sequence_t HSDSCH_Paging_System_InformationFDD_sequence[] = { static int dissect_nbap_HSDSCH_Paging_System_InformationFDD(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2077 "../../asn1/nbap/nbap.cnf" +#line 2080 "../../asn1/nbap/nbap.cnf" /* g_warning("HS-DSCH Type 3 NOT Implemented!"); */ @@ -24929,7 +24932,7 @@ static const per_sequence_t HSDSCH_MACdFlows_to_Delete_Item_sequence[] = { static int dissect_nbap_HSDSCH_MACdFlows_to_Delete_Item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1694 "../../asn1/nbap/nbap.cnf" +#line 1697 "../../asn1/nbap/nbap.cnf" num_items++; @@ -24946,7 +24949,7 @@ static const per_sequence_t HSDSCH_MACdFlows_to_Delete_sequence_of[1] = { static int dissect_nbap_HSDSCH_MACdFlows_to_Delete(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1689 "../../asn1/nbap/nbap.cnf" +#line 1692 "../../asn1/nbap/nbap.cnf" num_items = 0; @@ -28048,7 +28051,7 @@ dissect_nbap_NI_Information(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx static int dissect_nbap_NodeB_CommunicationContextID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2091 "../../asn1/nbap/nbap.cnf" +#line 2094 "../../asn1/nbap/nbap.cnf" /*Set up and map that maps Node-B ids to CRNC ids, since often you only have one of them present in nbap*/ nbap_com_context_id_t *cur_val; @@ -41065,7 +41068,7 @@ col_set_str(actx->pinfo->cinfo, COL_INFO,"RadioLinkReconfigurationCommit "); actx->pinfo->link_dir=P2P_DIR_DL; -#line 2140 "../../asn1/nbap/nbap.cnf" +#line 2143 "../../asn1/nbap/nbap.cnf" /* * Here we need to signal the CFN value, down to FP so * that lowert layers know when a reconfiguration becomes active |