diff options
author | Tobias Klauser <tklauser@distanz.ch> | 2013-06-13 17:26:47 +0200 |
---|---|---|
committer | Tobias Klauser <tklauser@distanz.ch> | 2013-06-13 17:26:47 +0200 |
commit | 494d29a8bcd07e544e8178b140ba3b75bcb3aceb (patch) | |
tree | 6557750020e1647d16ed18365fdd6161cc64348e | |
parent | 8b8244232220aef30417b8bc712e45542f5504db (diff) |
dissector: ip_auth_hdr: Fix possible null pointer dereference
Fix an unconditional dereference of a pkt_pull() return value to prevent
dereferencing a null pointer.
This was found by the Coverity scanner.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
-rw-r--r-- | proto_ip_authentication_hdr.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/proto_ip_authentication_hdr.c b/proto_ip_authentication_hdr.c index 6640918..183d405 100644 --- a/proto_ip_authentication_hdr.c +++ b/proto_ip_authentication_hdr.c @@ -54,8 +54,17 @@ static void auth_hdr(struct pkt_buff *pkt) tprintf("SPI (0x%x), ", ntohl(auth_ops->h_spi)); tprintf("SNF (0x%x), ", ntohl(auth_ops->h_snf)); tprintf("ICV 0x"); - for (i = sizeof(struct auth_hdr); i < hdr_len; i++) - tprintf("%02x", *pkt_pull(pkt, 1)); + for (i = sizeof(struct auth_hdr); i < hdr_len; i++) { + uint8_t *data = pkt_pull(pkt, 1); + + if (data == NULL) { + tprintf("%sinvalid%s", colorize_start_full(black, red), + colorize_end()); + break; + } + + tprintf("%02x", *data); + } tprintf(" ]\n"); pkt_set_proto(pkt, ð_lay3, auth_ops->h_next_header); |