From 5fc9db83cf50f9fd27e64e3c249fef0f9459a05c Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Sun, 2 Mar 2014 18:25:31 +0100
Subject: SSL: dynamically allocate session ticket storage area to avoid buffer
 overflow

Fixes bug 9825

Change-Id: I20ae65331ec11b2f6774054df4c026fd5fa76d3a
Reviewed-on: https://code.wireshark.org/review/447
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Pascal Quantin <pascal.quantin@gmail.com>
---
 epan/dissectors/packet-ssl.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'epan/dissectors/packet-ssl.c')

diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 5aabd55531..efbad01d41 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2533,6 +2533,8 @@ dissect_ssl3_hnd_new_ses_ticket(tvbuff_t *tvb, proto_tree *tree,
 
     /* save the session ticket to cache */
     if(ssl){
+        ssl->session_ticket.data = (guchar*)wmem_realloc(wmem_file_scope(),
+                                    ssl->session_ticket.data, session_ticket_length);
         tvb_memcpy(tvb,ssl->session_ticket.data, offset, session_ticket_length);
         ssl->session_ticket.data_len = session_ticket_length;
         ssl_save_session_ticket(ssl, ssl_session_hash);
-- 
cgit v1.2.3