SSL: dynamically allocate session ticket storage area to avoid buffer overflow

Fixes bug 9825 Change-Id: I20ae65331ec11b2f6774054df4c026fd5fa76d3a Reviewed-on: https://code.wireshark.org/review/447 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Pascal Quantin <pascal.quantin@gmail.com>
author: Pascal Quantin <pascal.quantin@gmail.com> 2014-03-02 18:25:31 +0100
committer: Pascal Quantin <pascal.quantin@gmail.com> 2014-03-03 15:36:21 +0000
commit: 5fc9db83cf50f9fd27e64e3c249fef0f9459a05c (patch)
tree: 40e26ed0ee935da1371ab94dd557a4e1081f0f05 /epan/dissectors/packet-ssl.c
parent: 2ab72685fb6f27b485f356432ea600ffa83588f5 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 5aabd55531..efbad01d41 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2533,6 +2533,8 @@ dissect_ssl3_hnd_new_ses_ticket(tvbuff_t *tvb, proto_tree *tree,
 
     /* save the session ticket to cache */
     if(ssl){
+        ssl->session_ticket.data = (guchar*)wmem_realloc(wmem_file_scope(),
+                                    ssl->session_ticket.data, session_ticket_length);
         tvb_memcpy(tvb,ssl->session_ticket.data, offset, session_ticket_length);
         ssl->session_ticket.data_len = session_ticket_length;
         ssl_save_session_ticket(ssl, ssl_session_hash);
author	Pascal Quantin <pascal.quantin@gmail.com>	2014-03-02 18:25:31 +0100
committer	Pascal Quantin <pascal.quantin@gmail.com>	2014-03-03 15:36:21 +0000
commit	5fc9db83cf50f9fd27e64e3c249fef0f9459a05c (patch)
tree	40e26ed0ee935da1371ab94dd557a4e1081f0f05 /epan/dissectors/packet-ssl.c
parent	2ab72685fb6f27b485f356432ea600ffa83588f5 (diff)