author | Evan Huus <eapache@gmail.com> | 2021-09-10 15:24:48 -0400 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2021-09-10 15:24:48 -0400 |
commit | 059c7906c08962b10b7905959800089269fbd74b (patch) | |
tree | e725c006d7e3c675529db72db55aa261f70606ed | |
parent | c6343153638c2ed739fcb1ebdcd37070fe653a1d (diff) |
h225: fix tvblist used uninitialized
6caf24e96612b738c7320876c91c1a6c2ef51c1a uncovered a bug
in the h225 dissector where h245_list was used in a path that wasn't
guaranteed to be initialized. It wasn't causing fuzz errors before
because the memory was at least being zeroed, although that state was
still technically invalid.
Initialize and call the tvb_lists in dissect_h225_h225_RasMessage, which
is the other h225 entrypoint, just like dissect_h225_H323UserInformation
(the other dissector entrypoint) was already doing.
-rw-r--r-- | epan/dissectors/asn1/h225/packet-h225-template.c | 5 | ||||
-rw-r--r-- | epan/dissectors/packet-h225.c | 9 |
2 files changed, 12 insertions, 2 deletions
diff --git a/epan/dissectors/asn1/h225/packet-h225-template.c b/epan/dissectors/asn1/h225/packet-h225-template.c
index 01c77ec2f8..cb504f0744 100644
--- a/epan/dissectors/asn1/h225/packet-h225-template.c
+++ b/epan/dissectors/asn1/h225/packet-h225-template.c
@@ -376,6 +376,8 @@ dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
 p_add_proto_data(pinfo->pool, pinfo, proto_h225, 0, h225_pi);
 register_frame_end_routine(pinfo, h225_frame_end);
+ h245_list = next_tvb_list_new(pinfo->pool);
+ tp_list = next_tvb_list_new(pinfo->pool);
 col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
@@ -386,6 +388,9 @@ dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
 ras_call_matching(tvb, pinfo, tr, h225_pi);
+ next_tvb_call(h245_list, pinfo, tree, h245dg_handle, data_handle);
+ next_tvb_call(tp_list, pinfo, tree, NULL, data_handle);
+
 tap_queue_packet(h225_tap, pinfo, h225_pi);
 return offset;
diff --git a/epan/dissectors/packet-h225.c b/epan/dissectors/packet-h225.c index 53af64a257..222aa4c9ea 100644 --- a/epan/dissectors/packet-h225.c +++ b/epan/dissectors/packet-h225.c @@ -7957,6 +7957,8 @@ dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree p_add_proto_data(pinfo->pool, pinfo, proto_h225, 0, h225_pi); register_frame_end_routine(pinfo, h225_frame_end); + h245_list = next_tvb_list_new(pinfo->pool); + tp_list = next_tvb_list_new(pinfo->pool); col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME); @@ -7967,6 +7969,9 @@ dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ras_call_matching(tvb, pinfo, tr, h225_pi); + next_tvb_call(h245_list, pinfo, tree, h245dg_handle, data_handle); + next_tvb_call(tp_list, pinfo, tree, NULL, data_handle); + tap_queue_packet(h225_tap, pinfo, h225_pi); return offset; 
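Review bot: The pointers stored in `h245_list` and `tp_list` by the first hunk outlive the lists they point to, since both lists are allocated from `pinfo->pool` while the variables are not declared in the hunk and so appear to be file-scope. After the two `next_tvb_call` lines in the second hunk (@@ -386) nothing clears them, so any code path that adds to a list without first passing through one of the two entry points would again operate on memory belonging to an earlier packet, which is the class of fault this commit is fixing. Consider resetting them right after the calls, `h245_list = NULL; tp_list = NULL;`, provided the add helpers check or assert on NULL (not visible here), and putting a comment above the allocations such as `/* every h225 entry point must create these lists; they live in pinfo->pool for this packet only */`. The same lines are mirrored in the generated packet-h225.c, and the function body starts and ends outside both hunks.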
@@ -11496,7 +11501,7 @@ void proto_register_h225(void) { NULL, HFILL }}, /*--- End of included file: packet-h225-hfarr.c ---*/ -#line 822 "./asn1/h225/packet-h225-template.c" +#line 827 "./asn1/h225/packet-h225-template.c" }; /* List of subtrees */ @@ -11746,7 +11751,7 @@ void proto_register_h225(void) { &ett_h225_T_result, /*--- End of included file: packet-h225-ettarr.c ---*/ -#line 828 "./asn1/h225/packet-h225-template.c" +#line 833 "./asn1/h225/packet-h225-template.c" }; static tap_param h225_stat_params[] = { |