authorsahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2003-09-11 10:31:01 +0000
committersahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2003-09-11 10:31:01 +0000
commitabec607ea95917345f3ea130cddebe9c42a7e974 (patch)
tree83b1ccd6ed7e92d5d7e777d1f2170fc2370c444e /packet-dcerpc.c
parent7618152ed37a0137ee14c77f07fbe3b493d45797 (diff)
Do not take the pointer to a stack object and pass it to the tap system.
The tap listener will try to parse this pointer at a much later stage, when the stack frame where this object lived will have disappeared and possibly been overwritten. The best that can happen is that service response times for dcerpc interfaces are screwed up; more probable is that we get a coredump. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8455 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'packet-dcerpc.c')
-rw-r--r--packet-dcerpc.c94
1 files changed, 58 insertions, 36 deletions
diff --git a/packet-dcerpc.c b/packet-dcerpc.c
index 42e480a35e..c1a00118dc 100644
--- a/packet-dcerpc.c
+++ b/packet-dcerpc.c
@@ -3,7 +3,7 @@
* Copyright 2001, Todd Sabin <tas@webspan.net>
* Copyright 2003, Tim Potter <tpot@samba.org>
*
- * $Id: packet-dcerpc.c,v 1.138 2003/08/04 02:48:59 tpot Exp $
+ * $Id: packet-dcerpc.c,v 1.139 2003/09/11 10:31:01 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -43,6 +43,7 @@
static int dcerpc_tap = -1;
+
static const value_string pckt_vals[] = {
{ PDU_REQ, "Request"},
{ PDU_PING, "Ping"},
@@ -413,6 +414,22 @@ static const fragment_items dcerpc_frag_items = {
"fragments"
};
+
+
+static dcerpc_info *
+get_next_di(void)
+{
+ static dcerpc_info di[20];
+ static int di_counter=0;
+
+ di_counter++;
+ if(di_counter>=20){
+ di_counter=0;
+ }
+ return &di[di_counter];
+}
+
+
typedef struct _dcerpc_auth_info {
guint8 auth_pad_len;
guint8 auth_level;
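Review bot: The 20-slot ring in `get_next_di()` only bounds the lifetime problem rather than removing it: the returned pointer stays valid memory, but its contents are overwritten by the 20th later call. If the tap queue is drained once per frame (not visible in this diff), a single frame carrying 20 or more DCERPC PDUs would leave queued tap entries aliasing a recycled slot, so listeners would read another call's data. The function should state that assumption in a comment, e.g. `/* ring of static slots: contents are valid only until DCERPC_DI_RING_SIZE further calls; tap listeners must consume the pointer before then */`. The two literal `20`s would also be safer as one named constant, so the array size and the wrap check cannot drift apart.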
@@ -2645,15 +2662,16 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
if (value) {
- dcerpc_info di;
+ dcerpc_info *di;
+ di=get_next_di();
/* handoff this call */
- di.conv = conv;
- di.call_id = hdr->call_id;
- di.smb_fid = get_smb_fid(pinfo->private_data);
- di.request = TRUE;
- di.call_data = value;
- di.hf_index = -1;
+ di->conv = conv;
+ di->call_id = hdr->call_id;
+ di->smb_fid = get_smb_fid(pinfo->private_data);
+ di->request = TRUE;
+ di->call_data = value;
+ di->hf_index = -1;
if(value->rep_frame!=0){
proto_tree_add_uint(dcerpc_tree, hf_dcerpc_response_in,
@@ -2661,7 +2679,7 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/*qqq request, broken*/
dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree,
- hdr, &di, &auth_info, alloc_hint,
+ hdr, di, &auth_info, alloc_hint,
value->req_frame);
} else
show_stub_data (tvb, offset, dcerpc_tree, &auth_info);
@@ -2738,14 +2756,15 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
if (value) {
- dcerpc_info di;
+ dcerpc_info *di;
+ di=get_next_di();
/* handoff this call */
- di.conv = conv;
- di.call_id = hdr->call_id;
- di.smb_fid = get_smb_fid(pinfo->private_data);
- di.request = FALSE;
- di.call_data = value;
+ di->conv = conv;
+ di->call_id = hdr->call_id;
+ di->smb_fid = get_smb_fid(pinfo->private_data);
+ di->request = FALSE;
+ di->call_data = value;
proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum);
if(value->req_frame!=0){
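Review bot: `di->hf_index` is never assigned on this path, although the cn_rqst hunk sets it to -1. Now that `di` is a recycled static slot instead of a fresh stack object, the field keeps whatever the previous user of that slot wrote, so a response can carry the `hf_index` of an unrelated earlier call. Adding `di->hf_index = -1;` after `di->call_data = value;` would make it deterministic; the cn_fault, dg_rqst and dg_resp hunks have the same gap. Whether downstream code reads `hf_index` before writing it is not visible here, and the enclosing function continues outside the hunk.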
@@ -2763,7 +2782,7 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
/*qqq response ok*/
dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree,
- hdr, &di, &auth_info, alloc_hint,
+ hdr, di, &auth_info, alloc_hint,
value->rep_frame);
} else
show_stub_data (tvb, offset, dcerpc_tree, &auth_info);
@@ -2851,14 +2870,15 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (value) {
int length, reported_length, stub_length;
- dcerpc_info di;
+ dcerpc_info *di;
+ di=get_next_di();
/* handoff this call */
- di.conv = conv;
- di.call_id = hdr->call_id;
- di.smb_fid = get_smb_fid(pinfo->private_data);
- di.request = FALSE;
- di.call_data = value;
+ di->conv = conv;
+ di->call_id = hdr->call_id;
+ di->smb_fid = get_smb_fid(pinfo->private_data);
+ di->request = FALSE;
+ di->call_data = value;
proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum);
if(value->req_frame!=0){
@@ -3548,10 +3568,11 @@ dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *dcerpc_tree, proto_tree *tree,
e_dce_dg_common_hdr_t *hdr, conversation_t *conv)
{
- dcerpc_info di;
+ dcerpc_info *di;
dcerpc_call_value *value, v;
dcerpc_matched_key matched_key, *new_matched_key;
+ di=get_next_di();
if(!(pinfo->fd->flags.visited)){
dcerpc_call_value *call_value;
dcerpc_call_key *call_key;
@@ -3593,17 +3614,17 @@ dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo,
value = &v;
}
- di.conv = conv;
- di.call_id = hdr->seqnum;
- di.smb_fid = -1;
- di.request = TRUE;
- di.call_data = value;
+ di->conv = conv;
+ di->call_id = hdr->seqnum;
+ di->smb_fid = -1;
+ di->request = TRUE;
+ di->call_data = value;
if(value->rep_frame!=0){
proto_tree_add_uint(dcerpc_tree, hf_dcerpc_response_in,
tvb, 0, 0, value->rep_frame);
}
- dissect_dcerpc_dg_stub (tvb, offset, pinfo, dcerpc_tree, tree, hdr, &di);
+ dissect_dcerpc_dg_stub (tvb, offset, pinfo, dcerpc_tree, tree, hdr, di);
}
static void
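Review bot: `di->call_data` can still end up pointing at a stack object, because the context line `value = &v;` takes the address of the local `v` declared at the top of dissect_dcerpc_dg_rqst and `di->call_data = value;` stores it in the static slot. If a tap listener follows `di->call_data` after this function has returned (the tap call itself is not in the hunk), it reads a dead stack frame, which is the same failure this commit fixes for `di` itself. The dg_resp hunk has the same `value = &v;` fallback. The fallback `dcerpc_call_value` should get storage that outlives the call, or the code should at least carry a comment such as `/* value may point at the local v; must not be dereferenced after return */`. The function body starts outside this hunk.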
@@ -3611,10 +3632,11 @@ dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *dcerpc_tree, proto_tree *tree,
e_dce_dg_common_hdr_t *hdr, conversation_t *conv)
{
- dcerpc_info di;
+ dcerpc_info *di;
dcerpc_call_value *value, v;
dcerpc_matched_key matched_key, *new_matched_key;
+ di=get_next_di();
if(!(pinfo->fd->flags.visited)){
dcerpc_call_value *call_value;
dcerpc_call_key call_key;
@@ -3647,11 +3669,11 @@ dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo,
value = &v;
}
- di.conv = conv;
- di.call_id = 0;
- di.smb_fid = -1;
- di.request = FALSE;
- di.call_data = value;
+ di->conv = conv;
+ di->call_id = 0;
+ di->smb_fid = -1;
+ di->request = FALSE;
+ di->call_data = value;
if(value->req_frame!=0){
nstime_t ns;
@@ -3665,7 +3687,7 @@ dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo,
}
proto_tree_add_time(dcerpc_tree, hf_dcerpc_time, tvb, offset, 0, &ns);
}
- dissect_dcerpc_dg_stub (tvb, offset, pinfo, dcerpc_tree, tree, hdr, &di);
+ dissect_dcerpc_dg_stub (tvb, offset, pinfo, dcerpc_tree, tree, hdr, di);
}
/*