diff options
| author | Evan Huus <eapache@gmail.com> | 2021-09-10 15:24:48 -0400 |
|---|---|---|
| committer | Evan Huus <eapache@gmail.com> | 2021-09-10 15:24:48 -0400 |
| commit | 059c7906c08962b10b7905959800089269fbd74b (patch) | |
| tree | e725c006d7e3c675529db72db55aa261f70606ed /epan/dissectors/asn1 | |
| parent | c6343153638c2ed739fcb1ebdcd37070fe653a1d (diff) | |
h225: fix tvblist used uninitialized
6caf24e96612b738c7320876c91c1a6c2ef51c1a uncovered a bug
in the h225 dissector where h245_list was used in a path that wasn't
guaranteed to be initialized. It wasn't causing fuzz errors before
because the memory was at least being zeroed, although that state was
still technically invalid.
Initialize and call the tvb_lists in dissect_h225_h225_RasMessage, which
is the other h225 entrypoint, just like dissect_h225_H323UserInformation
(the other dissector entrypoint) was already doing.
Diffstat (limited to 'epan/dissectors/asn1')
| -rw-r--r-- | epan/dissectors/asn1/h225/packet-h225-template.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/h225/packet-h225-template.c b/epan/dissectors/asn1/h225/packet-h225-template.c index 01c77ec2f8..cb504f0744 100644 --- a/epan/dissectors/asn1/h225/packet-h225-template.c +++ b/epan/dissectors/asn1/h225/packet-h225-template.c @@ -376,6 +376,8 @@ dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree p_add_proto_data(pinfo->pool, pinfo, proto_h225, 0, h225_pi); register_frame_end_routine(pinfo, h225_frame_end); + h245_list = next_tvb_list_new(pinfo->pool); + tp_list = next_tvb_list_new(pinfo->pool); col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME); @@ -386,6 +388,9 @@ dissect_h225_h225_RasMessage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ras_call_matching(tvb, pinfo, tr, h225_pi); + next_tvb_call(h245_list, pinfo, tree, h245dg_handle, data_handle); + next_tvb_call(tp_list, pinfo, tree, NULL, data_handle); + tap_queue_packet(h225_tap, pinfo, h225_pi); return offset; |