Wireshark-commits: [Wireshark-commits] master-3.0 e0cfa5c: dot11crypt: Fix crash on failure finding
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Wed, 18 Sep 2019 16:28:26 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e0cfa5c65777719f5f3b9fbf34ed2e3180d563c5
Submitter: "Pascal Quantin <pascal@xxxxxxxxxxxxx>"
Changed: branch: master-3.0
Repository: wireshark

Commits:

e0cfa5c by Mikael Kanstrup (mikael.kanstrup@xxxxxxxx):

    dot11crypt: Fix crash on failure finding GTK in decrypted frame
    
    If GTK cannot be found inside a successfully decrypted wireless frame
    the dot11crypt engine returns incorrect decrypted data length of 0
    bytes. As the IEEE802.11 dissector does not check the length of the
    decrypted frame the number of bytes allocated and copied to wmem ends
    up being a negative number (i.e. a huge unsigned number). This results
    in a SIGSEGV crash while copying data.
    
    Fix this both by returning a correct length from dot11crypt engine
    and add extra an protection to the IEEE802.11 dissector if the length
    for any (other) reason still would end up being a negative number.
    
    Bug: 16058
    Change-Id: I9d0d1cf50498dece2e008222eebbb3edc8f10159
    Reviewed-on: https://code.wireshark.org/review/34558
    Petri-Dish: Pascal Quantin <pascal@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Pascal Quantin <pascal@xxxxxxxxxxxxx>
    (cherry picked from commit 74bccadff2080a45b6758a355e3c7737409832c4)
    Reviewed-on: https://code.wireshark.org/review/34559
    

Actions performed:

    from  5c80264   [Automatic update for 2019-09-15]
     add  e0cfa5c   dot11crypt: Fix crash on failure finding GTK in decrypted frame


Summary of changes:
 epan/crypt/dot11decrypt.c          |  2 --
 epan/dissectors/packet-ieee80211.c | 12 +++++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)