authorTobias Klauser <tklauser@distanz.ch>2013-06-13 17:26:47 +0200
committerTobias Klauser <tklauser@distanz.ch>2013-06-13 17:26:47 +0200
commit494d29a8bcd07e544e8178b140ba3b75bcb3aceb (patch)
tree6557750020e1647d16ed18365fdd6161cc64348e
parent8b8244232220aef30417b8bc712e45542f5504db (diff)
dissector: ip_auth_hdr: Fix possible null pointer dereference
Fix an unconditional dereference of a pkt_pull() return value to prevent dereferencing a null pointer. This was found by the Coverity scanner. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
-rw-r--r--proto_ip_authentication_hdr.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/proto_ip_authentication_hdr.c b/proto_ip_authentication_hdr.c
index 6640918..183d405 100644
--- a/proto_ip_authentication_hdr.c
+++ b/proto_ip_authentication_hdr.c
@@ -54,8 +54,17 @@ static void auth_hdr(struct pkt_buff *pkt)
tprintf("SPI (0x%x), ", ntohl(auth_ops->h_spi));
tprintf("SNF (0x%x), ", ntohl(auth_ops->h_snf));
tprintf("ICV 0x");
- for (i = sizeof(struct auth_hdr); i < hdr_len; i++)
- tprintf("%02x", *pkt_pull(pkt, 1));
+ for (i = sizeof(struct auth_hdr); i < hdr_len; i++) {
+ uint8_t *data = pkt_pull(pkt, 1);
+
+ if (data == NULL) {
+ tprintf("%sinvalid%s", colorize_start_full(black, red),
+ colorize_end());
+ break;
+ }
+
+ tprintf("%02x", *data);
+ }
tprintf(" ]\n");
pkt_set_proto(pkt, &eth_lay3, auth_ops->h_next_header);
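Review bot: On the truncated-ICV path the `break;` only leaves the loop, so `pkt_set_proto(pkt, &eth_lay3, auth_ops->h_next_header);` still runs and chains an exhausted packet into the next-layer dissector, using a next-header value from a header already known to be cut short. If that is not intended, end the dissection in the `if (data == NULL)` branch by replacing `break;` with `tprintf(" ]\n");` followed by `return;`. Whether the downstream dissectors tolerate an empty buffer cannot be seen from this hunk, and auth_hdr's body starts outside it, so the origin and validation of `hdr_len` are not visible either. A comment above the check such as `/* packet ended before the ICV length implied by hdr_len */` would tell the next reader why "invalid" is printed.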