From a77290cea14be402ef09074ffa45300d07e081c2 Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Wed, 25 Nov 2015 17:53:30 +0100
Subject: SCTP: verify frame pointer before dereferencing it

Bug: 11767
Change-Id: Icd01550e0aaa4cd0cc33ae3acc0ef702c38f4db4
Reviewed-on: https://code.wireshark.org/review/12146
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(cherry picked from commit 2259bf8a827088081bef101f98e4983de8aa8099)
Reviewed-on: https://code.wireshark.org/review/12158
---
 epan/dissectors/packet-sctp.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/epan/dissectors/packet-sctp.c b/epan/dissectors/packet-sctp.c
index 8f2a7f1601..6c042af189 100644
--- a/epan/dissectors/packet-sctp.c
+++ b/epan/dissectors/packet-sctp.c
@@ -3439,12 +3439,14 @@ dissect_data_chunk(tvbuff_t *chunk_tvb,
       cur = wmem_list_tail(pinfo->layers);
       retval = dissect_payload(payload_tvb, pinfo, tree, payload_proto_id);
       cur = wmem_list_frame_next(cur);
-      tmp = wmem_list_frame_data(cur);
-      proto_id = GPOINTER_TO_UINT(tmp);
-      proto_name = proto_get_protocol_filter_name(proto_id);
-      if (strcmp(proto_name, "data") != 0){
-        if (have_tap_listener(exported_pdu_tap)){
-          export_sctp_data_chunk(pinfo,payload_tvb, proto_name);
+      if (cur) {
+        tmp = wmem_list_frame_data(cur);
+        proto_id = GPOINTER_TO_UINT(tmp);
+        proto_name = proto_get_protocol_filter_name(proto_id);
+        if (strcmp(proto_name, "data") != 0){
+          if (have_tap_listener(exported_pdu_tap)){
+            export_sctp_data_chunk(pinfo,payload_tvb, proto_name);
+          }
         }
       }
     }
-- 
cgit v1.2.1