Wireshark-commits: [Wireshark-commits] master-2.4 b144612: dot11crypt: add bounds check for TDLS el
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Wed, 20 Jun 2018 08:46:33 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1446124eebc3ea5591d18e719c2a5cff3630638
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-2.4
Repository: wireshark

Commits:

b144612 by Peter Wu (peter@xxxxxxxxxxxxx):

    dot11crypt: add bounds check for TDLS elements
    
    Fixes a buffer overrun (read) of at most 255 bytes which could occur
    while processing FTE in Dot11DecryptTDLSDeriveKey.
    
    While at it, according to 802.11-2016 9.4.1.9, "A status code of
    SUCCESS_POWER_SAVE_MODE also indicates a successful operation.". No idea
    when it makes a difference, but let's implement it too.
    
    Bug: 14686
    Change-Id: Ia7a41cd965704a4d51fb5a4dc4d01885fc17375c
    Fixes: v2.1.0rc0-1825-g6991149557 ("[airpdcap] Add support to decrypt TDLS traffic")
    Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8189
    Reviewed-on: https://code.wireshark.org/review/27618
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    (cherry picked from commit f440561b8c49c7863191c1ff2b36debed4d8d620)
    Reviewed-on: https://code.wireshark.org/review/27640
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    (cherry picked from commit 1b52f9929238ce3948ec924ae4f9456b5e9df558)
    Reviewed-on: https://code.wireshark.org/review/28344
    Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
    

Actions performed:

    from  8aeb1f4   dot11decrypt: free memory on exit (found by clang).
    adds  b144612   dot11crypt: add bounds check for TDLS elements


Summary of changes:
 epan/crypt/airpdcap.c | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)