URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ede1af20ba483dd7b6b35d3bd1eabe5cc463592c
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
ede1af2 by Martin Kaiser (wireshark@xxxxxxxxx):
eap: make eap_identity_prefix a numeric item
This used to be string item, its value was not 0-terminated. This
resulted in out-of-bounds mem acceess when eap_identity_prefix was used
by proto_tree_add_string_format().
==14744== Conditional jump or move depends on uninitialised value(s)
==14744== at 0x4C294F8: strlen (mc_replace_strmem.c:390)
==14744== by 0xC19C97F: g_strdup (gstrfuncs.c:355)
==14744== by 0x739CA75: string_fvalue_set_string (ftype-string.c:51)
==14744== by 0x67136A9: proto_tree_add_string (proto.c:3515)
==14744== by 0x6713870: proto_tree_add_string_format (proto.c:3547)
==14744== by 0x69BB494: dissect_eap (packet-eap.c:838)
==14744== by 0x66FD0B4: call_dissector_work (packet.c:649)
As the content is a number anyway, the simplest solution is to make
eap_identity_prefix a numeric item and use
proto_tree_add_uint_format_value().
Bug: 12913
Change-Id: I907b1d3555a96e9662b1d8253d17d35adfdada48
Reviewed-on: https://code.wireshark.org/review/17760
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from 983a969 eap: (trivial) reformat a comment
adds ede1af2 eap: make eap_identity_prefix a numeric item
Summary of changes:
epan/dissectors/packet-eap.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)