From 01e858e0a3efef54957efc0f4cae0106660dded3 Mon Sep 17 00:00:00 2001
From: Brian Sipos
Date: Tue, 12 Oct 2021 18:59:57 -0400
Subject: BP: Fix crashes on invalid fuzzed inputs
---
 epan/dissectors/packet-bpsec.c | 2 +-
 epan/dissectors/packet-bpv6.c | 2 ++
 epan/dissectors/packet-bpv7.c | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
(limited to 'epan/dissectors')
diff --git a/epan/dissectors/packet-bpsec.c b/epan/dissectors/packet-bpsec.c
index e9d6b5aea0..87fc0e1622 100644
--- a/epan/dissectors/packet-bpsec.c
+++ b/epan/dissectors/packet-bpsec.c
@@ -254,7 +254,7 @@ static int dissect_block_asb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
 expert_add_info(pinfo, item_tgt, &ei_target_invalid);
 }
 }
- if (map) {
+ if (map && (data->block->block_number)) {
 wmem_map_insert(
 map,
 data->block->block_number,
diff --git a/epan/dissectors/packet-bpv6.c b/epan/dissectors/packet-bpv6.c
index c3c1f76f06..27175d314a 100644
--- a/epan/dissectors/packet-bpv6.c
+++ b/epan/dissectors/packet-bpv6.c
@@ -2072,6 +2072,8 @@ dissect_bpv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
 col_clear(pinfo->cinfo,COL_INFO);
 ti_bundle_protocol = proto_tree_add_item(tree, proto_bundle, tvb, offset, -1, ENC_NA);
+ // identify parent proto version
+ proto_item_append_text(ti_bundle_protocol, " Version %d", version);
 bundle_tree = proto_item_add_subtree(ti_bundle_protocol, ett_bundle);
diff --git a/epan/dissectors/packet-bpv7.c b/epan/dissectors/packet-bpv7.c
index c6b2660a75..9c7d6a6af6 100644
--- a/epan/dissectors/packet-bpv7.c
+++ b/epan/dissectors/packet-bpv7.c
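Review bot: The new `data->block->block_number` test in `dissect_block_asb` relies on an implicit pointer-to-boolean conversion and has no comment, so it reads as a test for block number zero rather than a guard that keeps a NULL key out of `wmem_map_insert`. Presumably `block_number` is a pointer that stays NULL when the field could not be decoded from a malformed bundle; if so, write the condition as `if (map && data->block->block_number != NULL) {` and put `// block_number is NULL when the block number failed to decode; never use it as a map key` above it. The function starts and ends outside the hunk, so whether `data->block` itself can be NULL at this point is not visible and is worth confirming.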
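Review bot: The `%d` conversion in the added `proto_item_append_text` call should match the declared type of `version`, which lies outside the hunk; if that variable is unsigned, `" Version %u"` is the accurate specifier. The added lines change only what is displayed and look unrelated to the crash fixes named in the subject, so a sentence in the commit description saying why they are here would help later readers of the history. `dissect_bpv6` continues beyond the hunk.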
@@ -1390,7 +1390,7 @@ static int dissect_bp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
 bp_block_canonical_t *block = wmem_list_frame_data(it);
 // Payload block requirements
- if (*(block->type_code) == BP_BLOCKTYPE_PAYLOAD) {
+ if (block->type_code && (*(block->type_code) == BP_BLOCKTYPE_PAYLOAD)) {
 // must be last block (i.e. next is NULL)
 if (wmem_list_frame_next(it)) {
 expert_add_info(pinfo, block->item_block, &ei_block_payload_index);
-- cgit v1.2.3
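Review bot: The added `block->type_code &&` guard protects only this one dereference in `dissect_bp`; the loop body continues outside the hunk, and any other `*(block->type_code)` there would need the same check when a block comes from undecodable input. The packet-bpsec.c hunk in this commit guards another pointer field of the block, which suggests these fields are routinely left NULL on decode failure and that each use site is a candidate for the same crash. A small accessor that reports "not present" would keep the check in one place; at minimum add `// type_code is NULL when the block type failed to decode` above the condition. It is also worth confirming that a block skipped here was already flagged with expert info at the point where decoding failed, so the malformed input stays visible to the analyst.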