author | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-05-06 19:39:47 +0000 |
---|---|---|
committer | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-05-06 19:39:47 +0000 |
commit | dd18b51f10250348ce60a4d149258a8486febf69 (patch) | |
tree | 6eaf172f51470934c23e48a8a114dc5ee8f16f01 /epan/diam_dict.l | |
parent | 16872e7db5bd6510a4c9b54dff958f8bc4f4c400 (diff) |
Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that we
could dereference a NULL pointer if we had a corrupted Diameter
dictionary.
Additionally, it was possible to push an invalid input buffer onto the
include stack.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37011 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/diam_dict.l')
-rw-r--r-- | epan/diam_dict.l | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/epan/diam_dict.l b/epan/diam_dict.l
index 4de9c88a9f..bdcfc2b8a5 100644
--- a/epan/diam_dict.l
+++ b/epan/diam_dict.l
@@ -269,9 +269,6 @@ description_attr description=\042
 yyterminate();
 }
- include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
-
-
 for (e = ents.next; e; e = e->next) {
 if (strcmp(e->name,yytext) == 0) {
 yyin = ddict_open(sys_dir,e->file);
@@ -282,6 +279,7 @@ description_attr description=\042
 yyterminate();
 }
 } else {
+ include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
 yy_switch_to_buffer(yy_create_buffer( yyin, YY_BUF_SIZE ) );
 BEGIN LOADING;
 }
@@ -290,7 +288,7 @@ description_attr description=\042
 }
 if (!e) {
- fprintf(stderr, "Could not find entity: '%s'", e->name );
+ fprintf(stderr, "Could not find entity: '%s'\n", yytext );
 yyterminate();
 }
|
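Review bot: The relocated `include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;` in the `else` branch of the second hunk carries no comment tying it to the depth check that must run before it. That check is not visible here; the `yyterminate(); }` context at the top of the first hunk may be its tail, but the condition lies outside the hunk. The push and its guard are now separated by the entity loop, so a comment on the push would stop later edits from moving one without the other, for example `/* push only once ddict_open() has succeeded; include_stack_ptr must already have been checked against the stack depth */`. The enclosing lex action starts and ends outside the hunk, so confirm the guard is still reached on every path to this line.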
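Review bot: The `if (!e)` branch in the third hunk is only reached when the entity loop has run off the end of the list, which is why the old `e->name` was a NULL dereference, but the new code does not say so. A one-line comment above the `fprintf` would keep a later edit from reintroducing it: `/* e == NULL here (no entity matched), so report the name from yytext */`. Separately, `yytext` comes straight from the dictionary file and is written to stderr as-is. If dictionaries can come from untrusted sources, confirm that the scanner pattern for entity names excludes control characters; that pattern is not visible in this hunk.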