Wireshark-commits: [Wireshark-commits] master 3c6900f: radius: fix use-after-free after recent meml
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 28 Feb 2017 19:06:23 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3c6900f31fcfed080d165b581ccef8f022109491
Submitter: Michael Mann (mmann78@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

3c6900f by Peter Wu (peter@xxxxxxxxxxxxx):

    radius: fix use-after-free after recent memleak fixes
    
    The same data is referenced by the ID-to-name and name-to-ID mapping, so
    be make sure that the ID mapping is responsible (as the name mapping is
    just used for duplicate detection and while parsing dictionary files).
    
    Still to be done is fixing duplicate attribute numbers (by adding
    support for OIDs and changing TLV attribute type IDs to OIDs) and fixing
    duplicate attribute names (by prefixing the Vendor Names to them).
    Also not handled is fixing Value memleaks.
    
    Reproducers of the crash under ASAN:
    
        tshark -G fields >/dev/null
        tshark -r radius-ms-mppe-etrl-bug.cap   (from bug 796)
    
    Change-Id: Ifa4055901072bc830e19fe06937af67ce524a3be
    Fixes: v2.3.0rc0-2536-gd4cf57100c ("Free radius dissector memory on shutdown")
    Reviewed-on: https://code.wireshark.org/review/20307
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
    

Actions performed:

    from  87b7242   radius: fix memleaks of value_string
    adds  3c6900f   radius: fix use-after-free after recent memleak fixes


Summary of changes:
 epan/dissectors/packet-radius.c |   19 ++++++++++++-------
 epan/dissectors/packet-radius.h |   12 ++++++++++--
 epan/radius_dict.l              |    6 +++---
 3 files changed, 25 insertions(+), 12 deletions(-)