From 76c577aab4354df779f236584ddb096f3e82ad24 Mon Sep 17 00:00:00 2001
From: erikdejong <erikdejong@gmail.com>
Date: Sat, 4 Jan 2020 22:02:11 +0100
Subject: SIP: authorization validation segfault on missing fields

Fix for segfaults caused by missing username and or realm fields when validating SIP authorization.

Change-Id: Ia418f2a7f036ef706fcd6e4a766ea43098a6883d
Reviewed-on: https://code.wireshark.org/review/35644
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
 epan/dissectors/packet-sip.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'epan/dissectors')

diff --git a/epan/dissectors/packet-sip.c b/epan/dissectors/packet-sip.c
index f0d17a931a..ef941a0ec2 100644
--- a/epan/dissectors/packet-sip.c
+++ b/epan/dissectors/packet-sip.c
@@ -4337,7 +4337,8 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info
                                     }
                                     comma_offset++; /* skip comma */
                                 }
-                                if ((authorization_info.response != NULL) && (global_sip_validate_authorization)) { /* If there is a response, check for valid credentials */
+                                if ((authorization_info.response != NULL) && (global_sip_validate_authorization) &&
+                                        (authorization_info.username != NULL) && (authorization_info.realm != NULL)) { /* If there is a response, check for valid credentials */
                                     authorization_user = sip_get_authorization(&authorization_info);
                                     if (authorization_user) {
                                         authorization_info.method = wmem_strdup(wmem_packet_scope(), stat_info->request_method);
-- 
cgit v1.2.3