diff options
| author | Pascal Quantin <pascal.quantin@gmail.com> | 2015-10-17 13:28:19 +0200 |
|---|---|---|
| committer | Pascal Quantin <pascal.quantin@gmail.com> | 2015-10-17 14:13:45 +0000 |
| commit | daa562cecc397fb9491820e552d9fb6cf95b6b72 (patch) | |
| tree | 5f5d9de2e9035e64b9e716e68e06bca6a7b08979 | |
| parent | 5fb38a30f8a6d913042c4b20948f6370f105f29e (diff) | |
| download | wireshark-daa562cecc397fb9491820e552d9fb6cf95b6b72.tar.gz | |
NBAP: avoid dereferencing a NULL pointer
Bug: 11602
Change-Id: I56b9db19eca416c288f36c1f3a4faa7e22b38c8f
Reviewed-on: https://code.wireshark.org/review/11109
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(cherry picked from commit 5bf565690ad9f0771196d8fa237aa37fae3bb7cc)
Conflicts:
epan/dissectors/packet-nbap.c
Reviewed-on: https://code.wireshark.org/review/11116
| -rw-r--r-- | asn1/nbap/nbap.cnf | 7 | ||||
| -rw-r--r-- | epan/dissectors/packet-nbap.c | 71 |
2 files changed, 42 insertions, 36 deletions
diff --git a/asn1/nbap/nbap.cnf b/asn1/nbap/nbap.cnf index 830660db5f..d5c12c98f2 100644 --- a/asn1/nbap/nbap.cnf +++ b/asn1/nbap/nbap.cnf @@ -1243,7 +1243,7 @@ dch_id = 0xFFFFFFFF; #.FN_BODY RL-Specific-E-DCH-Information-Item address dst_addr, null_addr; conversation_t *conversation; -umts_fp_conversation_info_t *umts_fp_conversation_info; +umts_fp_conversation_info_t *umts_fp_conversation_info = NULL; nbap_edch_port_info_t *old_info = NULL; transportLayerAddress_ipv4 = 0; @@ -1263,11 +1263,14 @@ BindingID_port = 0; conversation = find_conversation(actx->pinfo->fd->num,&dst_addr, &null_addr, PT_UDP, BindingID_port, 0, NO_ADDR_B|NO_PORT_B); + if (conversation) { + umts_fp_conversation_info = (umts_fp_conversation_info_t*)conversation_get_proto_data(conversation, proto_fp); + } /* We must also check if this port is about to be overriden, if thats the case we * might already have a DCH entry on this port which should be overwritten */ - if (conversation == NULL || ((umts_fp_conversation_info_t*)conversation_get_proto_data(conversation, proto_fp))->channel == CHANNEL_DCH) { + if ((conversation == NULL) || (umts_fp_conversation_info && umts_fp_conversation_info->channel == CHANNEL_DCH)) { diff --git a/epan/dissectors/packet-nbap.c b/epan/dissectors/packet-nbap.c index aa94040b71..7d93b34d44 100644 --- a/epan/dissectors/packet-nbap.c +++ b/epan/dissectors/packet-nbap.c @@ -10038,7 +10038,7 @@ dissect_nbap_AddorDeleteIndicator(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t static int dissect_nbap_CFN(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2144 "../../asn1/nbap/nbap.cnf" +#line 2147 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, 255U, &cfn, FALSE); @@ -10291,7 +10291,7 @@ dissect_nbap_AvailabilityStatus(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *a static int dissect_nbap_HSDSCH_RNTI(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2109 "../../asn1/nbap/nbap.cnf" +#line 2112 "../../asn1/nbap/nbap.cnf" umts_fp_conversation_info_t *umts_fp_conversation_info = NULL; address null_addr; conversation_t *conversation = NULL; @@ -11513,7 +11513,7 @@ dissect_nbap_Common_E_DCH_Resource_Combination_InfoList(tvbuff_t *tvb _U_, int o static int dissect_nbap_Common_MACFlow_ID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1968 "../../asn1/nbap/nbap.cnf" +#line 1971 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, maxNrOfCommonMACFlows_1, &common_macdflow_id, FALSE); @@ -11647,7 +11647,7 @@ dissect_nbap_E_DCH_MACdFlow_Multiplexing_List(tvbuff_t *tvb _U_, int offset _U_, static int dissect_nbap_LogicalChannelID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1621 "../../asn1/nbap/nbap.cnf" +#line 1624 "../../asn1/nbap/nbap.cnf" /* Set logical channel id for this entry*/ offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 1U, 15U, &logical_channel_id, FALSE); @@ -11666,7 +11666,7 @@ dissect_nbap_LogicalChannelID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *act static int dissect_nbap_MAC_PDU_SizeExtended(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1724 "../../asn1/nbap/nbap.cnf" +#line 1727 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 1U, 1504U, NULL, TRUE); @@ -12089,7 +12089,7 @@ static const per_sequence_t CommonMACFlow_Specific_InfoItem_sequence[] = { static int dissect_nbap_CommonMACFlow_Specific_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1975 "../../asn1/nbap/nbap.cnf" +#line 1978 "../../asn1/nbap/nbap.cnf" address dst_addr; transportLayerAddress_ipv4 = 0; BindingID_port = 0; @@ -12134,7 +12134,7 @@ dissect_nbap_CommonMACFlow_Specific_InfoList(tvbuff_t *tvb _U_, int offset _U_, static int dissect_nbap_MACdPDU_Size(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1612 "../../asn1/nbap/nbap.cnf" +#line 1615 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 1U, 5000U, &MACdPDU_Size, TRUE); @@ -13354,7 +13354,7 @@ dissect_nbap_CriticalityDiagnostics(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_ static int dissect_nbap_CRNC_CommunicationContextID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2083 "../../asn1/nbap/nbap.cnf" +#line 2086 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, 1048575U, &com_context_id, FALSE); @@ -18038,7 +18038,7 @@ dissect_nbap_E_DCH_HARQ_Combining_Capability(tvbuff_t *tvb _U_, int offset _U_, static int dissect_nbap_E_DCH_DDI_Value(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1602 "../../asn1/nbap/nbap.cnf" +#line 1605 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, 62U, &e_dch_ddi_value, FALSE); @@ -18172,7 +18172,7 @@ static const per_sequence_t E_DCH_LogicalChannelInformationItem_sequence[] = { static int dissect_nbap_E_DCH_LogicalChannelInformationItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1599 "../../asn1/nbap/nbap.cnf" +#line 1602 "../../asn1/nbap/nbap.cnf" num_items++; @@ -18189,7 +18189,7 @@ static const per_sequence_t E_DCH_LogicalChannelInformation_sequence_of[1] = { static int dissect_nbap_E_DCH_LogicalChannelInformation(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1592 "../../asn1/nbap/nbap.cnf" +#line 1595 "../../asn1/nbap/nbap.cnf" num_items = 0; offset = dissect_per_constrained_sequence_of(tvb, offset, actx, tree, hf_index, @@ -18222,7 +18222,7 @@ static const per_sequence_t E_DCH_MACdFlow_Specific_InfoItem_sequence[] = { static int dissect_nbap_E_DCH_MACdFlow_Specific_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1354 "../../asn1/nbap/nbap.cnf" +#line 1357 "../../asn1/nbap/nbap.cnf" umts_fp_conversation_info_t *p_conv_data = NULL; address null_addr; conversation_t *p_conv; @@ -18405,7 +18405,7 @@ static const per_sequence_t E_DCH_LogicalChannelToModifyItem_sequence[] = { static int dissect_nbap_E_DCH_LogicalChannelToModifyItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1587 "../../asn1/nbap/nbap.cnf" +#line 1590 "../../asn1/nbap/nbap.cnf" offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index, ett_nbap_E_DCH_LogicalChannelToModifyItem, E_DCH_LogicalChannelToModifyItem_sequence); @@ -18480,7 +18480,7 @@ static const per_sequence_t E_DCH_MACdFlow_Specific_InfoItem_to_Modify_sequence[ static int dissect_nbap_E_DCH_MACdFlow_Specific_InfoItem_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1495 "../../asn1/nbap/nbap.cnf" +#line 1498 "../../asn1/nbap/nbap.cnf" guint32 no_ddi_entries, i; address null_addr; nbap_edch_port_info_t *old_info; @@ -18622,7 +18622,7 @@ static const per_sequence_t E_DCH_FDD_Information_to_Modify_sequence[] = { static int dissect_nbap_E_DCH_FDD_Information_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1407 "../../asn1/nbap/nbap.cnf" +#line 1410 "../../asn1/nbap/nbap.cnf" address dst_addr, null_addr; conversation_t *conversation,*old_conversation = NULL; @@ -23314,7 +23314,7 @@ static const per_sequence_t HSDSCH_Common_System_InformationFDD_sequence[] = { static int dissect_nbap_HSDSCH_Common_System_InformationFDD(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1995 "../../asn1/nbap/nbap.cnf" +#line 1998 "../../asn1/nbap/nbap.cnf" /* * 5.1.6 High Speed Downlink Shared Channels * The Data Transfer procedure is used to transfer a HS-DSCH DATA FRAME (TYPE 1, TYPE 2 [FDD and 1.28Mcps @@ -23475,7 +23475,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InfoItem_sequence[] = { static int dissect_nbap_HSDSCH_MACdFlow_Specific_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1702 "../../asn1/nbap/nbap.cnf" +#line 1705 "../../asn1/nbap/nbap.cnf" address dst_addr; @@ -23578,7 +23578,7 @@ static const value_string nbap_RLC_Mode_vals[] = { static int dissect_nbap_RLC_Mode(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1629 "../../asn1/nbap/nbap.cnf" +#line 1632 "../../asn1/nbap/nbap.cnf" guint32 rlc_mode; offset = dissect_per_enumerated(tvb, offset, actx, tree, hf_index, @@ -23619,7 +23619,7 @@ static const per_sequence_t PriorityQueue_InfoItem_sequence[] = { static int dissect_nbap_PriorityQueue_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1693 "../../asn1/nbap/nbap.cnf" +#line 1696 "../../asn1/nbap/nbap.cnf" num_items++; @@ -23653,7 +23653,7 @@ static const per_sequence_t HSDSCH_MACdFlows_Information_sequence[] = { static int dissect_nbap_HSDSCH_MACdFlows_Information(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1653 "../../asn1/nbap/nbap.cnf" +#line 1656 "../../asn1/nbap/nbap.cnf" int protocol_ie_id; guint32 i; @@ -23697,7 +23697,7 @@ dissect_nbap_HSDSCH_MACdFlows_Information(tvbuff_t *tvb _U_, int offset _U_, asn static int dissect_nbap_T_hSDSCH_Physical_Layer_Category(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1646 "../../asn1/nbap/nbap.cnf" +#line 1649 "../../asn1/nbap/nbap.cnf" guint32 hsdsch_physical_layer_category; offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, @@ -23765,7 +23765,7 @@ static const per_sequence_t HSDSCH_FDD_Information_sequence[] = { static int dissect_nbap_HSDSCH_FDD_Information(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1754 "../../asn1/nbap/nbap.cnf" +#line 1757 "../../asn1/nbap/nbap.cnf" /* * Collect the information about the HSDSCH MACdFlows set up conversation(s) and set the conversation data. */ @@ -23902,7 +23902,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InfoItem_to_Modify_sequence static int dissect_nbap_HSDSCH_MACdFlow_Specific_InfoItem_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1843 "../../asn1/nbap/nbap.cnf" +#line 1846 "../../asn1/nbap/nbap.cnf" address dst_addr; transportLayerAddress_ipv4 = 0; BindingID_port = 0; @@ -23960,7 +23960,7 @@ static const per_sequence_t PriorityQueue_InfoItem_to_Add_sequence[] = { static int dissect_nbap_PriorityQueue_InfoItem_to_Add(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1696 "../../asn1/nbap/nbap.cnf" +#line 1699 "../../asn1/nbap/nbap.cnf" num_items = 1; @@ -24095,7 +24095,7 @@ static const per_sequence_t HSDSCH_Information_to_Modify_sequence[] = { static int dissect_nbap_HSDSCH_Information_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1863 "../../asn1/nbap/nbap.cnf" +#line 1866 "../../asn1/nbap/nbap.cnf" /* * This is pretty much the same like if we setup a previous flow */ @@ -24217,7 +24217,7 @@ static const value_string nbap_HSDSCH_MACdPDUSizeFormat_vals[] = { static int dissect_nbap_HSDSCH_MACdPDUSizeFormat(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1731 "../../asn1/nbap/nbap.cnf" +#line 1734 "../../asn1/nbap/nbap.cnf" /* * Removed 10 Aug. 2012, I'm not sure if this was right, it wrongfully * set some packets as type 2 for HSDHCH modified items. @@ -24328,7 +24328,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InformationResp_Item_sequen static int dissect_nbap_HSDSCH_MACdFlow_Specific_InformationResp_Item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1699 "../../asn1/nbap/nbap.cnf" +#line 1702 "../../asn1/nbap/nbap.cnf" num_items++; @@ -24744,7 +24744,7 @@ static const per_sequence_t HSDSCH_Paging_System_InformationFDD_sequence[] = { static int dissect_nbap_HSDSCH_Paging_System_InformationFDD(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2073 "../../asn1/nbap/nbap.cnf" +#line 2076 "../../asn1/nbap/nbap.cnf" /* g_warning("HS-DSCH Type 3 NOT Implemented!"); */ @@ -24938,7 +24938,7 @@ static const per_sequence_t HSDSCH_MACdFlows_to_Delete_Item_sequence[] = { static int dissect_nbap_HSDSCH_MACdFlows_to_Delete_Item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1690 "../../asn1/nbap/nbap.cnf" +#line 1693 "../../asn1/nbap/nbap.cnf" num_items++; @@ -24955,7 +24955,7 @@ static const per_sequence_t HSDSCH_MACdFlows_to_Delete_sequence_of[1] = { static int dissect_nbap_HSDSCH_MACdFlows_to_Delete(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1685 "../../asn1/nbap/nbap.cnf" +#line 1688 "../../asn1/nbap/nbap.cnf" num_items = 0; @@ -28057,7 +28057,7 @@ dissect_nbap_NI_Information(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx static int dissect_nbap_NodeB_CommunicationContextID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2087 "../../asn1/nbap/nbap.cnf" +#line 2090 "../../asn1/nbap/nbap.cnf" /*Set up and map that maps Node-B ids to CRNC ids, since often you only have one of them present in nbap*/ nbap_com_context_id_t *cur_val; @@ -28791,7 +28791,7 @@ dissect_nbap_RL_Specific_E_DCH_Information_Item(tvbuff_t *tvb _U_, int offset _U #line 1244 "../../asn1/nbap/nbap.cnf" address dst_addr, null_addr; conversation_t *conversation; -umts_fp_conversation_info_t *umts_fp_conversation_info; +umts_fp_conversation_info_t *umts_fp_conversation_info = NULL; nbap_edch_port_info_t *old_info = NULL; transportLayerAddress_ipv4 = 0; @@ -28813,11 +28813,14 @@ BindingID_port = 0; conversation = find_conversation(actx->pinfo->fd->num,&dst_addr, &null_addr, PT_UDP, BindingID_port, 0, NO_ADDR_B|NO_PORT_B); + if (conversation) { + umts_fp_conversation_info = (umts_fp_conversation_info_t*)conversation_get_proto_data(conversation, proto_fp); + } /* We must also check if this port is about to be overriden, if thats the case we * might already have a DCH entry on this port which should be overwritten */ - if (conversation == NULL || ((umts_fp_conversation_info_t*)conversation_get_proto_data(conversation, proto_fp))->channel == CHANNEL_DCH) { + if ((conversation == NULL) || (umts_fp_conversation_info && umts_fp_conversation_info->channel == CHANNEL_DCH)) { @@ -41072,7 +41075,7 @@ col_set_str(actx->pinfo->cinfo, COL_INFO,"RadioLinkReconfigurationCommit "); actx->pinfo->link_dir=P2P_DIR_DL; -#line 2136 "../../asn1/nbap/nbap.cnf" +#line 2139 "../../asn1/nbap/nbap.cnf" /* * Here we need to signal the CFN value, down to FP so * that lowert layers know when a reconfiguration becomes active |