URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66c0bfa1d602da4761d8a23b2f991129d0f035ba
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master-2.6
Repository: wireshark
Commits:
66c0bfa by Peter Wu (peter@xxxxxxxxxxxxx):
rnsap: fix use-after-free of "obj_id"
dissect_PrivateIEFieldValue could use "obj_id" after it was freed. Use
per-packet info instead of globals to avoid such dangling pointers and
erase any previous state to avoid interference in the same packet.
Change-Id: I7376210ef02a8e781b5a34858ae47d2254c74948
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4311
Reviewed-on: https://code.wireshark.org/review/27650
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Darien Spencer <cusneud@xxxxxxxx>
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
(cherry picked from commit 8fdaeb80e81dca1cd7c6af3fba8648b664fb7141)
Reviewed-on: https://code.wireshark.org/review/27705
Actions performed:
from ed580c7 Qt: Default no selection in UAT dialog
adds 66c0bfa rnsap: fix use-after-free of "obj_id"
Summary of changes:
epan/dissectors/asn1/rnsap/packet-rnsap-template.c | 57 ++++++++---
epan/dissectors/asn1/rnsap/rnsap.cnf | 26 ++---
epan/dissectors/packet-rnsap.c | 107 +++++++++++++--------
3 files changed, 122 insertions(+), 68 deletions(-)