Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that we

could dereferene a NULL pointer if we had a corrupted Diameter dictionary. Additionally, it was possible to push an invalid input buffer onto the include stack. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37011 f5534014-38df-0310-8fa8-9805f1628bb7
author: gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> 2011-05-06 19:39:47 +0000
committer: gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> 2011-05-06 19:39:47 +0000
commit: dd18b51f10250348ce60a4d149258a8486febf69 (patch)
tree: 6eaf172f51470934c23e48a8a114dc5ee8f16f01 /epan
parent: 16872e7db5bd6510a4c9b54dff958f8bc4f4c400 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/epan/diam_dict.l b/epan/diam_dict.l
index 4de9c88a9f..bdcfc2b8a5 100644
--- a/epan/diam_dict.l
+++ b/epan/diam_dict.l
@@ -269,9 +269,6 @@ description_attr description=\042
 		yyterminate();
 	}
 
-	include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
-
-
 	for (e = ents.next; e; e = e->next) {
 		if (strcmp(e->name,yytext) == 0) {
 			yyin = ddict_open(sys_dir,e->file);
@@ -282,6 +279,7 @@ description_attr description=\042
 					yyterminate();
 				}
 			} else {
+				include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
 				yy_switch_to_buffer(yy_create_buffer( yyin, YY_BUF_SIZE ) );
 				BEGIN LOADING;
 			}
@@ -290,7 +288,7 @@ description_attr description=\042
 	}
 
 	if (!e) {
-		fprintf(stderr, "Could not find entity: '%s'", e->name );
+		fprintf(stderr, "Could not find entity: '%s'\n", yytext );
 		yyterminate();
 	}
author	gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>	2011-05-06 19:39:47 +0000
committer	gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>	2011-05-06 19:39:47 +0000
commit	dd18b51f10250348ce60a4d149258a8486febf69 (patch)
tree	6eaf172f51470934c23e48a8a114dc5ee8f16f01 /epan
parent	16872e7db5bd6510a4c9b54dff958f8bc4f4c400 (diff)