URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=74bccadff2080a45b6758a355e3c7737409832c4
Submitter: "Pascal Quantin <pascal@xxxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
74bccad by Mikael Kanstrup (mikael.kanstrup@xxxxxxxx):
dot11crypt: Fix crash on failure finding GTK in decrypted frame
If GTK cannot be found inside a successfully decrypted wireless frame
the dot11crypt engine returns incorrect decrypted data length of 0
bytes. As the IEEE802.11 dissector does not check the length of the
decrypted frame the number of bytes allocated and copied to wmem ends
up being a negative number (i.e. a huge unsigned number). This results
in a SIGSEGV crash while copying data.
Fix this both by returning a correct length from dot11crypt engine
and add extra an protection to the IEEE802.11 dissector if the length
for any (other) reason still would end up being a negative number.
Bug: 16058
Change-Id: I9d0d1cf50498dece2e008222eebbb3edc8f10159
Reviewed-on: https://code.wireshark.org/review/34558
Petri-Dish: Pascal Quantin <pascal@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@xxxxxxxxxxxxx>
Actions performed:
from 828ff6d Qt: Fix issues found by clang.
add 74bccad dot11crypt: Fix crash on failure finding GTK in decrypted frame
Summary of changes:
epan/crypt/dot11decrypt.c | 2 --
epan/dissectors/packet-ieee80211.c | 12 +++++++-----
2 files changed, 7 insertions(+), 7 deletions(-)