Wireshark-commits: [Wireshark-commits] master-3.0 91e37ba: NFS: Fix hash table key memory corruptio

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Mon, 26 Aug 2019 06:29:58 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=91e37ba6e11a9e6bb1b8b7212f6e42caae26bbc2
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master-3.0
Repository: wireshark

Commits:

91e37ba by Tomasz Moń (desowin@xxxxxxxxx):

    NFS: Fix hash table key memory corruption
    
    When the same (as determined by key_equal_func) key gets added to the
    GHashTable, old value gets freed and replaced with the new one. This is
    fine for hash tables where the key validity is not tightly coupled to
    the actual data.
    
    In the nfs_name_snoop_matched hash table the key becomes invalid once
    the value gets destroyed (because it shares the data pointed to by fh,
    which gets freed once the value is destroyed).
    
    A problematic capture includes packets such that the matching fh gets
    added twice to the nfs_name_snoop_matched hash table. Prior to this
    change the hash table would end up in a state where the new value is
    associated with the old key (which contains pointer to already freed
    memory). According to the nfs_name_snoop_matched_equal(), the old key
    was equal to the key intended for new value *at the time* of insertion.
    
    This change fixes the bug by using g_hash_table_replace() which does
    update the key in case it already exists in the GHashTable.
    
    Bug: 16017
    Bug: 16019
    Change-Id: Ib3943f1e27e82c05d9abaa1e436554b37a98488e
    Reviewed-on: https://code.wireshark.org/review/34360
    Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
    Petri-Dish: Michael Mann <mmann78@xxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    (cherry picked from commit efe2926a66d3d7187a260226678daeb2aa6e4832)
    Reviewed-on: https://code.wireshark.org/review/34361
    Reviewed-by: Tomasz Moń <desowin@xxxxxxxxx>
    

Actions performed:

    from  1961ace   tshark: Complement manual page synopsis
     add  91e37ba   NFS: Fix hash table key memory corruption


Summary of changes:
 epan/dissectors/packet-nfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)