Wireshark-commits: [Wireshark-commits] master 8fdaeb8: rnsap: fix use-after-free of "obj_id"
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 22 May 2018 09:39:52 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fdaeb80e81dca1cd7c6af3fba8648b664fb7141
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

8fdaeb8 by Peter Wu (peter@xxxxxxxxxxxxx):

    rnsap: fix use-after-free of "obj_id"
    
    dissect_PrivateIEFieldValue could use "obj_id" after it was freed. Use
    per-packet info instead of globals to avoid such dangling pointers and
    erase any previous state to avoid interference in the same packet.
    
    Change-Id: I7376210ef02a8e781b5a34858ae47d2254c74948
    Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4311
    Reviewed-on: https://code.wireshark.org/review/27650
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Darien Spencer <cusneud@xxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  ede3cde   lwm2mtlv: Fix reloading Resource name table
    adds  8fdaeb8   rnsap: fix use-after-free of "obj_id"


Summary of changes:
 epan/dissectors/asn1/rnsap/packet-rnsap-template.c |  57 ++++++++---
 epan/dissectors/asn1/rnsap/rnsap.cnf               |  26 ++---
 epan/dissectors/packet-rnsap.c                     | 107 +++++++++++++--------
 3 files changed, 122 insertions(+), 68 deletions(-)