authorMartin Kaiser <wireshark@kaiser.cx>2018-03-03 19:49:22 +0100
committerAnders Broman <a.broman58@gmail.com>2018-03-04 07:48:52 +0000
commit177962a5b4a05759b40fb6fc07a4a6eec306a9bf (patch)
treea3b06bb276b86189d5ebbb8a384d147b55cb8ec7
parentb70eb189bb906d0b03ca95219a4c9c82eee43f97 (diff)
enip: use wmem for copied addresses
When we copy an address from pinfo into connInfo->O2T.ipaddress, a shallow copy is not sufficient. connInfo->O2T.ipaddress is kept across packets whereas pinfo is valid only for the current packet. Use wmem with file scope for the copied address. This fixes a use-after-free error when we access the address in a subsequent packet. Bug: 14470 Change-Id: I8b74037020189485485a506af6510cb45828e3c4 Reviewed-on: https://code.wireshark.org/review/26248 Reviewed-by: Martin Kaiser <wireshark@kaiser.cx> Petri-Dish: Martin Kaiser <wireshark@kaiser.cx> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/packet-enip.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/epan/dissectors/packet-enip.c b/epan/dissectors/packet-enip.c
index bc5f26ff7d..84babb00fc 100644
--- a/epan/dissectors/packet-enip.c
+++ b/epan/dissectors/packet-enip.c
@@ -1091,14 +1091,14 @@ enip_open_cip_connection( packet_info *pinfo, cip_conn_info_t* connInfo)
((connInfo->O2T.ipaddress.type == AT_IPv4) && ((*(const guint32*)connInfo->O2T.ipaddress.data)) == 0) ||
((connInfo->O2T.ipaddress.type == AT_IPv6) && (memcmp(connInfo->O2T.ipaddress.data, &ipv6_zero, sizeof(ipv6_zero)) == 0)) ||
(connInfo->O2T.type != CONN_TYPE_MULTICAST))
- copy_address_shallow(&connInfo->O2T.ipaddress, &pinfo->src);
+ copy_address_wmem(wmem_file_scope(), &connInfo->O2T.ipaddress, &pinfo->src);
if ((connInfo->T2O.port == 0) || (connInfo->T2O.type == CONN_TYPE_MULTICAST))
connInfo->T2O.port = ENIP_IO_PORT;
if ((connInfo->T2O.ipaddress.type == AT_NONE) ||
((connInfo->T2O.ipaddress.type == AT_IPv4) && ((*(const guint32*)connInfo->T2O.ipaddress.data)) == 0) ||
((connInfo->T2O.ipaddress.type == AT_IPv6) && (memcmp(connInfo->T2O.ipaddress.data, &ipv6_zero, sizeof(ipv6_zero)) == 0)) ||
(connInfo->T2O.type != CONN_TYPE_MULTICAST))
- copy_address_shallow(&connInfo->T2O.ipaddress, &pinfo->dst);
+ copy_address_wmem(wmem_file_scope(), &connInfo->T2O.ipaddress, &pinfo->dst);
if (connInfo->O2T.ipaddress.type == AT_IPv6)
{
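Review bot: Neither `copy_address_wmem(wmem_file_scope(), ...)` call (the O2T branch and the T2O branch) records why a file-scope deep copy is needed, so a later cleanup could go back to a shallow copy and reintroduce the use-after-free the commit message describes. I would add one comment above the first call, for example `/* connInfo outlives this packet, pinfo->src/dst do not: deep-copy into file scope */`. Any other code that fills `connInfo->O2T.ipaddress` or `connInfo->T2O.ipaddress` is outside this hunk and presumably needs the same lifetime, which is worth confirming. enip_open_cip_connection starts before the hunk and continues after it.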