URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fdaeb80e81dca1cd7c6af3fba8648b664fb7141
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
8fdaeb8 by Peter Wu (peter@xxxxxxxxxxxxx):
rnsap: fix use-after-free of "obj_id"
dissect_PrivateIEFieldValue could use "obj_id" after it was freed. Use
per-packet info instead of globals to avoid such dangling pointers and
erase any previous state to avoid interference in the same packet.
Change-Id: I7376210ef02a8e781b5a34858ae47d2254c74948
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4311
Reviewed-on: https://code.wireshark.org/review/27650
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Darien Spencer <cusneud@xxxxxxxx>
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from ede3cde lwm2mtlv: Fix reloading Resource name table
adds 8fdaeb8 rnsap: fix use-after-free of "obj_id"
Summary of changes:
epan/dissectors/asn1/rnsap/packet-rnsap-template.c | 57 ++++++++---
epan/dissectors/asn1/rnsap/rnsap.cnf | 26 ++---
epan/dissectors/packet-rnsap.c | 107 +++++++++++++--------
3 files changed, 122 insertions(+), 68 deletions(-)