author | Mike Morrin <morrinmike@gmail.com> | 2016-04-20 15:43:12 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2016-04-21 17:25:39 +0000 |
commit | 2048bc225875257bbf8810e4e103324629e3693a (patch) | |
tree | f53d0aaaf70f9ee4b2fbb23889e3cdc7d4b3bde9 /epan/dissectors/packet-dof.c | |
parent | 17ccb2cb44846102ddfbce752aaf56edd9870cce (diff) |
DOF: Fix stack corruption due to incorrect pointer use
Bug: 12351
Change-Id: Ibf01223046697aacefd2646d98ad9d863c46fdd3
Reviewed-on: https://code.wireshark.org/review/15018
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-dof.c')
-rw-r--r-- | epan/dissectors/packet-dof.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/epan/dissectors/packet-dof.c b/epan/dissectors/packet-dof.c
index ef8261640f..aa2834c708 100644
--- a/epan/dissectors/packet-dof.c
+++ b/epan/dissectors/packet-dof.c
@@ -8925,12 +8925,12 @@ static int dissect_sgmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi
 {
 /* SGMP Key Request - Security.4 */
 {
- dof_2008_16_security_4 *response;
+ dof_2008_16_security_4 response;
 offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, sgmp_tree,
- offset, hf_initiator_block, ett_initiator_block, (void **)&response);
- if (response && !packet_data->processed)
+ offset, hf_initiator_block, ett_initiator_block, &response);
+ if (!packet_data->processed)
 {
- tvbuff_t *identity = response->identity;
+ tvbuff_t *identity = response.identity;
 guint8 identity_length = tvb_reported_length(identity);
 guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length);
@@ -9931,17 +9931,17 @@ static int dissect_trp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
 /* Initiator Block - TRP.4.1.1 */
 {
- dof_2008_16_security_4 *response;
+ dof_2008_16_security_4 response;
 trp_packet_data *trp_pkt_data = NULL;
 start_offset = offset;
 /* Initiator Key Request - Security.4 */
 offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
- offset, hf_initiator_request, ett_initiator_request, (void **)&response);
- if (response && !packet_data->processed)
+ offset, hf_initiator_request, ett_initiator_request, &response);
+ if (!packet_data->processed)
 {
- tvbuff_t *identity = response->identity;
+ tvbuff_t *identity = response.identity;
 guint8 identity_length = tvb_reported_length(identity);
 guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length);
 int i;
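Review bot: `response` is now an uninitialized stack struct and, with the `response &&` guard removed, `response.identity` is read whenever `!packet_data->processed` holds, so the read is only safe if `dissect_2008_16_security_4` assigns `identity` on every path that returns normally; that callee is not visible in this hunk. Zeroing the struct before the call and keeping a null test would make the block independent of the callee: `memset(&response, 0, sizeof response);` ahead of the `dof_dissect_pdu_as_field(...)` call and `if (response.identity && !packet_data->processed)`. The same pattern is in the three `dissect_trp` hunks (TRP.4.1.1, TRP.6.1.1 and TRP.5.1.1). The enclosing block of `dissect_sgmp` starts and ends outside the hunk.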
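Review bot: `guint8 identity_length = tvb_reported_length(identity);` narrows the reported length to 8 bits without a check, so an identity tvb longer than 255 bytes would silently get a shorter `identity_buf`. The copy that fills the buffer is outside the hunk, so it is worth confirming that it is bounded by `identity_length` and not by the tvb length. If the protocol caps the identity size, a comment on this line saying so would make the narrowing deliberate; otherwise compare `tvb_reported_length(identity)` with 255 before the assignment and treat a larger value as malformed. The same line appears in the `dissect_sgmp` hunk above and in the later TRP.6.1.1 and TRP.5.1.1 hunks.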
@@ -10243,17 +10243,17 @@ static int dissect_trp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
 /* Initiator Block - TRP.6.1.1 */
 {
- dof_2008_16_security_4 *response;
+ dof_2008_16_security_4 response;
 trp_packet_data *trp_pkt_data = NULL;
 start_offset = offset;
 /* Initiator Key Request - Security.4 */
 offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
- offset, hf_initiator_request, ett_initiator_request, (void **)&response);
- if (response && !packet_data->processed)
+ offset, hf_initiator_request, ett_initiator_request, &response);
+ if (!packet_data->processed)
 {
- tvbuff_t *identity = response->identity;
+ tvbuff_t *identity = response.identity;
 guint8 identity_length = tvb_reported_length(identity);
 guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length);
 int i;
@@ -10332,7 +10332,7 @@ static int dissect_trp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
 /* Initiator Block - TRP.5.1.1 */
 {
- dof_2008_16_security_4 *response;
+ dof_2008_16_security_4 response;
 trp_packet_data *trp_pk_data = NULL;
 start_offset = offset;
@@ -10343,10 +10343,10 @@ static int dissect_trp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
 /* Initiator Key Request - Security.4 */
 offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree,
- offset, hf_initiator_request, ett_initiator_request, (void **)&response);
- if (response && !packet_data->processed)
+ offset, hf_initiator_request, ett_initiator_request, &response);
+ if (!packet_data->processed)
 {
- tvbuff_t *identity = response->identity;
+ tvbuff_t *identity = response.identity;
 guint8 identity_length = tvb_reported_length(identity);
 guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length);
 int i; |