packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wireshark/wireshark-CVE-2018-18225.patch
gu-gu-gu 2cdf36b8a8 wireshark:openEuler init
2019-12-02 20:44:06 +08:00

57 lines
2.4 KiB
Diff
Raw Blame History

From 5a2aafef7a8ad4b3917823133c2e3534951fc4d3 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Tue, 9 Oct 2018 19:18:34 +0200
Subject: [PATCH] coap: ensure that piv_len matches piv
In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
piv_len are reset to avoid this. Adjust another check to ensure that piv
and piv_len are in sync (probably not necessary, but it seems the
intention).
Bug: 15172
Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
Reviewed-on: https://code.wireshark.org/review/30100
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-coap.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/epan/dissectors/packet-coap.c b/epan/dissectors/packet-coap.c
index b034042..40331af 100644
--- a/epan/dissectors/packet-coap.c
+++ b/epan/dissectors/packet-coap.c
@@ -451,8 +451,11 @@ dissect_coap_opt_object_security(tvbuff_t *tvb, proto_item *head_item, proto_tre
coinfo->object_security = TRUE;
coinfo->oscore_info->piv = NULL;
+ coinfo->oscore_info->piv_len = 0;
coinfo->oscore_info->kid_context = NULL;
+ coinfo->oscore_info->kid_context_len = 0;
coinfo->oscore_info->kid = NULL;
+ coinfo->oscore_info->kid_len = 0;
if (opt_length == 0) { /* option length is zero, means flag byte is 0x00*/
/* add info to the head of the packet detail */
@@ -1148,11 +1151,9 @@ dissect_coap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* d
/* Indicate to OSCORE that this response contains its own PIV */
coinfo->oscore_info->piv_in_response = TRUE;
coap_trans->oscore_info->piv_in_response = TRUE;
- } else {
- if (coap_trans->oscore_info->piv) {
- /* Use the PIV from the request */
- coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
- }
+ } else if (coap_trans->oscore_info->piv_len > 0) {
+ /* Use the PIV from the request */
+ coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
coinfo->oscore_info->piv_len = coap_trans->oscore_info->piv_len;
}
coinfo->oscore_info->response = TRUE;
--
1.7.12.4
Reference in New Issue View Git Blame Copy Permalink