Wireshark-commits: [Wireshark-commits] master ede1af2: eap: make eap_identity_prefix a numeric item
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Sat, 17 Sep 2016 19:50:14 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ede1af20ba483dd7b6b35d3bd1eabe5cc463592c
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

ede1af2 by Martin Kaiser (wireshark@xxxxxxxxx):

    eap: make eap_identity_prefix a numeric item
    
    This used to be string item, its value was not 0-terminated. This
    resulted in out-of-bounds mem acceess when eap_identity_prefix was used
    by proto_tree_add_string_format().
    
    ==14744== Conditional jump or move depends on uninitialised value(s)
    ==14744==    at 0x4C294F8: strlen (mc_replace_strmem.c:390)
    ==14744==    by 0xC19C97F: g_strdup (gstrfuncs.c:355)
    ==14744==    by 0x739CA75: string_fvalue_set_string (ftype-string.c:51)
    ==14744==    by 0x67136A9: proto_tree_add_string (proto.c:3515)
    ==14744==    by 0x6713870: proto_tree_add_string_format (proto.c:3547)
    ==14744==    by 0x69BB494: dissect_eap (packet-eap.c:838)
    ==14744==    by 0x66FD0B4: call_dissector_work (packet.c:649)
    
    As the content is a number anyway, the simplest solution is to make
    eap_identity_prefix a numeric item and use
    proto_tree_add_uint_format_value().
    
    Bug: 12913
    Change-Id: I907b1d3555a96e9662b1d8253d17d35adfdada48
    Reviewed-on: https://code.wireshark.org/review/17760
    Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
    

Actions performed:

    from  983a969   eap: (trivial) reformat a comment
    adds  ede1af2   eap: make eap_identity_prefix a numeric item


Summary of changes:
 epan/dissectors/packet-eap.c |   21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)