authorPeter Wu <peter@lekensteyn.nl>2018-05-13 16:27:27 +0200
committerAnders Broman <a.broman58@gmail.com>2018-05-14 08:14:26 +0000
commit843735e0efe03f601ed69f69e5295974aad927b2 (patch)
tree860a719a03d85166f5e4ff14540200bb9404e68c
parent19c45892461da6f1767190c86c62dab02db8a2e3 (diff)
dns: fix null pointer deref for empty name in SRV record
Per RFC 2782, the name should follow the "_Service._Proto.Name" format. If a malformed packet does not adhere to this and provides a zero-length name, then wmem_strsplit returns NULL. Bug: 14681 Change-Id: I7b9935238a9800a1526c8b694fd2c63d3b488d0b Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7416 Reviewed-on: https://code.wireshark.org/review/27499 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/packet-dns.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c
index 8e619fcf3d..efc2fd199b 100644
--- a/epan/dissectors/packet-dns.c
+++ b/epan/dissectors/packet-dns.c
@@ -1504,11 +1504,9 @@ add_rr_to_tree(proto_tree *rr_tree, tvbuff_t *tvb, int offset,
proto_item *ttl_item;
gchar **srv_rr_info;
- if (type == T_SRV) {
+ if (type == T_SRV && name[0]) {
srv_rr_info = wmem_strsplit(wmem_packet_scope(), name, ".", 3);
- /* The + 1 on the strings is to skip the leading '_' */
-
proto_tree_add_string(rr_tree, hf_dns_srv_service, tvb, offset,
namelen, srv_rr_info[0]);