Wireshark-commits: [Wireshark-commits] master-2.6 66c0bfa: rnsap: fix use-after-free of "obj_id"

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Wed, 23 May 2018 11:21:59 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66c0bfa1d602da4761d8a23b2f991129d0f035ba
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master-2.6
Repository: wireshark

Commits:

66c0bfa by Peter Wu (peter@xxxxxxxxxxxxx):

    rnsap: fix use-after-free of "obj_id"
    
    dissect_PrivateIEFieldValue could use "obj_id" after it was freed. Use
    per-packet info instead of globals to avoid such dangling pointers and
    erase any previous state to avoid interference in the same packet.
    
    Change-Id: I7376210ef02a8e781b5a34858ae47d2254c74948
    Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4311
    Reviewed-on: https://code.wireshark.org/review/27650
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Darien Spencer <cusneud@xxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    (cherry picked from commit 8fdaeb80e81dca1cd7c6af3fba8648b664fb7141)
    Reviewed-on: https://code.wireshark.org/review/27705
    

Actions performed:

    from  ed580c7   Qt: Default no selection in UAT dialog
    adds  66c0bfa   rnsap: fix use-after-free of "obj_id"


Summary of changes:
 epan/dissectors/asn1/rnsap/packet-rnsap-template.c |  57 ++++++++---
 epan/dissectors/asn1/rnsap/rnsap.cnf               |  26 ++---
 epan/dissectors/packet-rnsap.c                     | 107 +++++++++++++--------
 3 files changed, 122 insertions(+), 68 deletions(-)