The dcerpc dissectors used to walk the list of items upward parent by

parent in order to push teh display of extra interesting fields in the 
packet to higher up in the decode tree. This was useful for making sure 
that things like DomainNames etc are clearly visible without having to 
drill down 500 layers of NDR.

This code used to just blindly walk the indicated number of parents, and 
then attach the string to that item.
This relied on the "unsafe" assumption that the topmost item would have 
pointer point to itself, so this was "safe".

This is no longer safe since the root object in the tree now has NULL as 
parent, and thus some of these dcerpc interfaces can now cause a SEGV 
trying to dereference NULL->parent.


I added a macro to safely walk to the parent object, or remain at the 
current object if parent is NULL.



This was a serious bug, where dcerpc traffic could cause a SEGV.
Please merge into all stable versions.





svn path=/trunk/; revision=30208

1 files changed, 20 insertions, 13 deletions

diff --git a/epan/dissectors/packet-dcerpc-nt.c b/epan/dissectors/packet-dcerpc-nt.c
index 1de4013472..28a4fff866 100644
--- a/epan/dissectors/packet-dcerpc-nt.c
+++ b/epan/dissectors/packet-dcerpc-nt.c
@@ -39,6 +39,14 @@
 #include "packet-dcerpc-nt.h"
 #include "packet-windows-common.h"
 
+
+/* This is used to safely walk the decode tree up, one item at a time safely.
+   This is used by dcerpc dissectors that want to push the display of a string
+   higher up in the tree for greater visibility.
+*/
+#define GET_ITEM_PARENT(x) \
+	((x->parent!=NULL)?x->parent:x)
+
 /*
  * This file contains helper routines that are used by the DCERPC over SMB
  * dissectors for wireshark.
@@ -245,15 +253,15 @@ static void cb_byte_array_postprocess(packet_info *pinfo, proto_tree *tree _U_,
 
 	if (levels > 0 && item && s && s[0]) {
 		proto_item_append_text(item, ": %s", s);
-		item = item->parent;
+		item = GET_ITEM_PARENT(item);
 		levels--;
 		if (levels > 0) {
 			proto_item_append_text(item, ": %s", s);
-			item = item->parent;
+			item = GET_ITEM_PARENT(item);
 			levels--;
 			while (levels > 0) {
 				proto_item_append_text(item, " %s", s);
-				item = item->parent;
+				item = GET_ITEM_PARENT(item);
 				levels--;
 			}
 		}
@@ -1132,18 +1140,17 @@ void cb_wstr_postprocess(packet_info *pinfo, proto_tree *tree _U_,
 	}
 
 	/* Append string to upper-level proto_items */
-
 	if (levels > 0 && item && s && s[0]) {
 		proto_item_append_text(item, ": %s", s);
-		item = item->parent;
+		item = GET_ITEM_PARENT(item);
 		levels--;
 		if (levels > 0) {
 			proto_item_append_text(item, ": %s", s);
-			item = item->parent;
+			item = GET_ITEM_PARENT(item);
 			levels--;
 			while (levels > 0) {
 				proto_item_append_text(item, " %s", s);
-				item = item->parent;
+				item = GET_ITEM_PARENT(item);
 				levels--;
 			}
 		}
@@ -1198,15 +1205,15 @@ void cb_str_postprocess(packet_info *pinfo, proto_tree *tree _U_,
 
 	if (levels > 0 && item && s && s[0]) {
 		proto_item_append_text(item, ": %s", s);
-		item = item->parent;
+		item = GET_ITEM_PARENT(item);
 		levels--;
 		if (levels > 0) {
 			proto_item_append_text(item, ": %s", s);
-			item = item->parent;
+			item = GET_ITEM_PARENT(item);
 			levels--;
 			while (levels > 0) {
 				proto_item_append_text(item, " %s", s);
-				item = item->parent;
+				item = GET_ITEM_PARENT(item);
 				levels--;
 			}
 		}
@@ -1311,15 +1318,15 @@ dissect_ndr_nt_SID_with_options(tvbuff_t *tvb, int offset, packet_info *pinfo, p
 
 		if (levels > 0 && item && s && s[0]) {
 			proto_item_append_text(item, ": %s", s);
-			item = item->parent;
+			item = GET_ITEM_PARENT(item);
 			levels--;
 			if (levels > 0) {
 				proto_item_append_text(item, ": %s", s);
-				item = item->parent;
+				item = GET_ITEM_PARENT(item);
 				levels--;
 				while (levels > 0) {
 					proto_item_append_text(item, " %s", s);
-					item = item->parent;
+					item = GET_ITEM_PARENT(item);
 					levels--;
 				}
 			}