dissector: ip_auth_hdr: Fix possible null pointer dereference

Fix an unconditional dereference of a pkt_pull() return value to prevent dereferencing a null pointer. This was found by the Coverity scanner. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
author: Tobias Klauser <tklauser@distanz.ch> 2013-06-13 17:26:47 +0200
committer: Tobias Klauser <tklauser@distanz.ch> 2013-06-13 17:26:47 +0200
commit: 494d29a8bcd07e544e8178b140ba3b75bcb3aceb (patch)
tree: 6557750020e1647d16ed18365fdd6161cc64348e /proto_ip_authentication_hdr.c
parent: 8b8244232220aef30417b8bc712e45542f5504db (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/proto_ip_authentication_hdr.c b/proto_ip_authentication_hdr.c
index 6640918..183d405 100644
--- a/proto_ip_authentication_hdr.c
+++ b/proto_ip_authentication_hdr.c
@@ -54,8 +54,17 @@ static void auth_hdr(struct pkt_buff *pkt)
 	tprintf("SPI (0x%x), ", ntohl(auth_ops->h_spi));
 	tprintf("SNF (0x%x), ", ntohl(auth_ops->h_snf));
 	tprintf("ICV 0x");
-	for (i = sizeof(struct auth_hdr); i < hdr_len; i++)
-		tprintf("%02x", *pkt_pull(pkt, 1));
+	for (i = sizeof(struct auth_hdr); i < hdr_len; i++) {
+		uint8_t *data = pkt_pull(pkt, 1);
+
+		if (data == NULL) {
+			tprintf("%sinvalid%s", colorize_start_full(black, red),
+				colorize_end());
+			break;
+		}
+
+		tprintf("%02x", *data);
+	}
 	tprintf(" ]\n");
 
 	pkt_set_proto(pkt, &eth_lay3, auth_ops->h_next_header);
author	Tobias Klauser <tklauser@distanz.ch>	2013-06-13 17:26:47 +0200
committer	Tobias Klauser <tklauser@distanz.ch>	2013-06-13 17:26:47 +0200
commit	494d29a8bcd07e544e8178b140ba3b75bcb3aceb (patch)
tree	6557750020e1647d16ed18365fdd6161cc64348e /proto_ip_authentication_hdr.c
parent	8b8244232220aef30417b8bc712e45542f5504db (diff)