Change some dissectors to use pinfo memory pool instead of malloc if …

…it can trigger an exception between between buffer allocation and tvb_set_free_cb call svn path=/trunk/; revision=51427
CTSRD-SOAAP · Aug 19, 2013 · b46f9be · b46f9be
1 parent 02cae55
commit b46f9be
Show file tree

Hide file tree

Showing 17 changed files with 70 additions and 136 deletions.
diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-template.c
@@ -570,18 +570,9 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *
 	int length;
 	const guint8 *original_data;
 
-	static int omb_index=0;
-	static guint8 *omb_arr[4]={NULL,NULL,NULL,NULL};
-	static guint8 *cryptocopy=NULL; /* workaround for pre-0.6.1 heimdal bug */
+	guint8 *cryptocopy=NULL; /* workaround for pre-0.6.1 heimdal bug */
 	guint8 *output_message_buffer;
 
-	omb_index++;
-	if(omb_index>=4){
-		omb_index=0;
-	}
-	output_message_buffer=omb_arr[omb_index];
-
-
 	length=tvb_length(pinfo->gssapi_encrypted_tvb);
 	original_data=tvb_get_ptr(pinfo->gssapi_encrypted_tvb, 0, length);
 
@@ -595,11 +586,7 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *
 	/* XXX We also need to re-read the keytab when the preference changes */
 
 	cryptocopy=(guint8 *)wmem_alloc(wmem_packet_scope(), length);
-	if(output_message_buffer){
-		g_free(output_message_buffer);
-		output_message_buffer=NULL;
-	}
-	output_message_buffer=(guint8 *)g_malloc(length);
+	output_message_buffer=(guint8 *)wmem_alloc(pinfo->pool, length);
 
 	for(ek=enc_key_list;ek;ek=ek->next){
 		/* shortcircuit and bail out if enctypes are not matching */
@@ -626,7 +613,6 @@ decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *
 			pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
 				output_message_buffer,
 				ret, ret);
-			tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free);
 			add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
 			return;
 		}
@@ -704,7 +690,7 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
 
 	datalen = tvb_length(checksum_tvb) + tvb_length(encrypted_tvb);
 
-	rotated = (guint8 *)g_malloc(datalen);
+	rotated = (guint8 *)wmem_alloc(pinfo->pool, datalen);
 
 	tvb_memcpy(checksum_tvb, rotated,
 		   0, tvb_length(checksum_tvb));
@@ -719,7 +705,6 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
 
 	next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
 					 datalen, datalen);
-	tvb_set_free_cb(next_tvb, g_free);
 	add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
 
 	output = decrypt_krb5_data(tree, pinfo, usage, next_tvb,

diff --git a/epan/dissectors/packet-ansi_637.c b/epan/dissectors/packet-ansi_637.c
@@ -33,7 +33,7 @@
 #include "config.h"
 
 #include <epan/packet.h>
-#include <epan/emem.h>
+#include <epan/wmem/wmem.h>
 #include <epan/strutil.h>
 
 #include "packet-gsm_sms.h"
@@ -572,7 +572,7 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
 	saved_offset = offset - 1;
 	i = num_fields * 7;
 	required_octs = (i / 8) + ((i % 8) ? 1 : 0);
-	buf = (gchar*)g_malloc(required_octs);
+	buf = (gchar*)wmem_alloc(g_pinfo->pool, required_octs);
 	for (i=0; i < required_octs; i++)
 	{
 		oct = tvb_get_guint8(tvb, saved_offset);
@@ -581,7 +581,6 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
 		saved_offset++;
 	}
 	tvb_out = tvb_new_child_real_data(tvb, buf, required_octs, required_octs);
-	tvb_set_free_cb(tvb_out, g_free);
 	add_new_data_source(g_pinfo, tvb_out, "Characters");
 	offset = 0;
 	bit = 0;
@@ -635,7 +634,7 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
         saved_offset = offset - 1;
         i = num_fields * 7;
         required_octs = (i / 8) + ((i % 8) ? 1 : 0);
-        buf = (gchar*)g_malloc(required_octs);
+        buf = (gchar*)wmem_alloc(g_pinfo->pool, required_octs);
         for (i=0; i < required_octs; i++)
         {
             oct = tvb_get_guint8(tvb, saved_offset);
@@ -644,7 +643,6 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
             saved_offset++;
         }
         tvb_out = tvb_new_child_real_data(tvb, buf, required_octs, required_octs);
-        tvb_set_free_cb(tvb_out, g_free);
         add_new_data_source(g_pinfo, tvb_out, "Characters");
         offset = 0;
         bit = 0;
@@ -666,7 +664,7 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
     {
         saved_offset = offset - 1;
         required_octs = 2*num_fields;
-        buf = (gchar*)g_malloc(required_octs);
+        buf = (gchar*)wmem_alloc(g_pinfo->pool, required_octs);
         for (i=0; i < required_octs; i++)
         {
             oct = tvb_get_guint8(tvb, saved_offset);
@@ -675,7 +673,6 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
             saved_offset++;
         }
         tvb_out = tvb_new_child_real_data(tvb, buf, required_octs, required_octs);
-        tvb_set_free_cb(tvb_out, g_free);
         add_new_data_source(g_pinfo, tvb_out, "Characters");
         offset = 0;
         if (g_pinfo->private_data && (GPOINTER_TO_UINT(g_pinfo->private_data) == TRUE)) {
@@ -702,7 +699,7 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
     else if (encoding == 0x07)/* Latin/Hebrew */
     {
         saved_offset = offset - 1;
-        buf = (gchar*)g_malloc(num_fields);
+        buf = (gchar*)wmem_alloc(g_pinfo->pool, num_fields);
         for (i=0; i < num_fields; i++)
         {
             oct = tvb_get_guint8(tvb, saved_offset);
@@ -711,7 +708,6 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
             saved_offset++;
         }
         tvb_out = tvb_new_child_real_data(tvb, buf, num_fields, num_fields);
-        tvb_set_free_cb(tvb_out, g_free);
         add_new_data_source(g_pinfo, tvb_out, "Characters");
         offset = 0;
         required_octs = len - used;
@@ -739,7 +735,7 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
     else if (encoding == 0x08) /* ISO 8859-1 (a/k/a ISO Latin 1) */
     {
         saved_offset = offset - 1;
-        buf = (gchar*)g_malloc(num_fields);
+        buf = (gchar*)wmem_alloc(g_pinfo->pool, num_fields);
         for (i=0; i < num_fields; i++)
         {
             oct = tvb_get_guint8(tvb, saved_offset);
@@ -748,7 +744,6 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
             saved_offset++;
         }
         tvb_out = tvb_new_child_real_data(tvb, buf, num_fields, num_fields);
-        tvb_set_free_cb(tvb_out, g_free);
         add_new_data_source(g_pinfo, tvb_out, "Characters");
         offset = 0;
         required_octs = len - used;
@@ -790,7 +785,7 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
         saved_offset = offset - 1;
         i = num_fields * 7;
         required_octs = (i / 8) + ((i % 8) ? 1 : 0);
-        buf = (gchar*)g_malloc(required_octs);
+        buf = (gchar*)wmem_alloc(g_pinfo->pool, required_octs);
         for (i=0; i < required_octs; i++)
         {
             oct = tvb_get_guint8(tvb, saved_offset);
@@ -799,7 +794,6 @@ tele_param_user_data(tvbuff_t *tvb, proto_tree *tree, guint len, guint32 offset)
             saved_offset++;
         }
         tvb_out = tvb_new_child_real_data(tvb, buf, required_octs, required_octs);
-        tvb_set_free_cb(tvb_out, g_free);
         add_new_data_source(g_pinfo, tvb_out, "Characters");
         offset = 0;
         bit = 0;
@@ -2122,7 +2116,7 @@ dissect_ansi_637_trans_param(tvbuff_t *tvb, proto_tree *tree, guint32 *offset)
 	{
             gchar *ansi_637_add_string;
 
-	    ansi_637_add_string = (gchar *)ep_alloc(1024);
+	    ansi_637_add_string = (gchar *)wmem_alloc(wmem_packet_scope(), 1024);
 	    ansi_637_add_string[0] = '\0';
 	    (*param_fcn)(tvb, subtree, len, curr_offset, ansi_637_add_string, 1024);
 

diff --git a/epan/dissectors/packet-bthfp.c b/epan/dissectors/packet-bthfp.c
@@ -1461,7 +1461,7 @@ dissect_bthfp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
         guint      i_data_offset;
 
         i_data_offset = fragment->index + fragment->length;
-        data = (guint8 *) wmem_alloc(wmem_packet_scope(), fragment->index + fragment->length);
+        data = (guint8 *) wmem_alloc(pinfo->pool, fragment->index + fragment->length);
 
         i_fragment = fragment;
 

diff --git a/epan/dissectors/packet-dnp.c b/epan/dissectors/packet-dnp.c
@@ -2973,7 +2973,7 @@ dissect_dnp3_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
     /* XXX - check for dl_len <= 5 */
     data_len = dl_len - 5;
-    tmp = (guint8 *)g_malloc(data_len);
+    tmp = (guint8 *)wmem_alloc(pinfo->pool, data_len);
     tmp_ptr = tmp;
     i = 0;
     data_offset = 1;  /* skip the transport layer byte when assembling chunks */
@@ -3017,7 +3017,6 @@ dissect_dnp3_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
       gboolean  save_fragmented;
 
       al_tvb = tvb_new_child_real_data(tvb, tmp, (guint) (tmp_ptr-tmp), (gint) (tmp_ptr-tmp));
-      tvb_set_free_cb(al_tvb, g_free);
 
       /* Check for fragmented packet */
       save_fragmented = pinfo->fragmented;
@@ -3103,7 +3102,6 @@ dissect_dnp3_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
     {
       /* CRC error - throw away the data. */
       next_tvb = NULL;
-      g_free(tmp);
       proto_tree_add_text(dnp3_tree, tvb, 11, -1, "CRC failed, %u chunks", i);
     }
 

diff --git a/epan/dissectors/packet-h223.c b/epan/dissectors/packet-h223.c
@@ -26,7 +26,7 @@
 #include "config.h"
 
 #include <glib.h>
-#include <epan/emem.h>
+#include <epan/wmem/wmem.h>
 #include <epan/bitswap.h>
 #include <epan/circuit.h>
 #include <epan/conversation.h>
@@ -209,7 +209,7 @@ circuit_chain_lookup(const h223_call_info* call_info, guint32 child_vc)
     key.vc = child_vc;
     circuit_id = GPOINTER_TO_UINT(g_hash_table_lookup( circuit_chain_hashtable, &key ));
     if( circuit_id == 0 ) {
-        new_key = se_new(circuit_chain_key);
+        new_key = wmem_new(wmem_file_scope(), circuit_chain_key);
         *new_key = key;
         circuit_id = ++circuit_chain_count;
         g_hash_table_insert(circuit_chain_hashtable, new_key, GUINT_TO_POINTER(circuit_id));
@@ -292,7 +292,7 @@ add_h223_mux_element(h223_call_direction_data *direct, guint8 mc, h223_mux_eleme
 
     DISSECTOR_ASSERT(mc < 16);
 
-    li = se_new(h223_mux_element_listitem);
+    li = wmem_new(wmem_file_scope(), h223_mux_element_listitem);
     old_li_ptr = &(direct->mux_table[mc]);
     old_li = *old_li_ptr;
     if( !old_li ) {
@@ -339,7 +339,7 @@ find_h223_mux_element(h223_call_direction_data* direct, guint8 mc, guint32 frame
 static void
 add_h223_lc_params(h223_vc_info* vc_info, int direction, h223_lc_params *lc_params, guint32 framenum )
 {
-    h223_lc_params_listitem *li = se_new(h223_lc_params_listitem);
+    h223_lc_params_listitem *li = wmem_new(wmem_file_scope(), h223_lc_params_listitem);
     h223_lc_params_listitem **old_li_ptr = &(vc_info->lc_params[direction ? 0 : 1]);
     h223_lc_params_listitem *old_li = *old_li_ptr;
     if( !old_li ) {
@@ -386,7 +386,7 @@ init_direction_data(h223_call_direction_data *direct)
         direct->mux_table[i] = NULL;
 
     /* set up MC 0 to contain just VC 0 */
-    mc0_element = se_new(h223_mux_element);
+    mc0_element = wmem_new(wmem_file_scope(), h223_mux_element);
     add_h223_mux_element( direct, 0, mc0_element, 0 );
     mc0_element->sublist = NULL;
     mc0_element->vc = 0;
@@ -397,7 +397,7 @@ init_direction_data(h223_call_direction_data *direct)
 static h223_vc_info*
 h223_vc_info_new( h223_call_info* call_info )
 {
-    h223_vc_info *vc_info = se_new(h223_vc_info);
+    h223_vc_info *vc_info = wmem_new(wmem_file_scope(), h223_vc_info);
     vc_info->lc_params[0] = vc_info->lc_params[1] = NULL;
     vc_info->call_info = call_info;
     return vc_info;
@@ -431,7 +431,7 @@ create_call_info( guint32 start_frame )
     h223_call_info *datax;
     h223_lc_params *vc0_params;
 
-    datax = se_new(h223_call_info);
+    datax = wmem_new(wmem_file_scope(), h223_call_info);
 
     /* initialise the call info */
     init_direction_data(&datax -> direction_data[0]);
@@ -440,7 +440,7 @@ create_call_info( guint32 start_frame )
     /* FIXME shouldn't this be figured out dynamically? */
     datax -> h223_level = 2;
 
-    vc0_params = se_new(h223_lc_params);
+    vc0_params = wmem_new(wmem_file_scope(), h223_lc_params);
     vc0_params->al_type = al1Framed;
     vc0_params->al_params = NULL;
     vc0_params->segmentable = TRUE;
@@ -1369,7 +1369,7 @@ dissect_h223_bitswapped (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
     guint i;
 
     len = tvb_length(tvb);
-    datax = (guint8 *)g_malloc(len);
+    datax = (guint8 *)wmem_alloc(pinfo->pool, len);
     for( i=0; i<len; i++)
         datax[i]=BIT_SWAP(tvb_get_guint8(tvb,i));
 
@@ -1380,9 +1380,6 @@ dissect_h223_bitswapped (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
      */
     reversed_tvb = tvb_new_child_real_data(tvb, datax,len,tvb_reported_length(tvb));
 
-    /* Add a freer */
-    tvb_set_free_cb(reversed_tvb, g_free);
-
     /* Add the reversed data to the data source list. */
     add_new_data_source(pinfo, reversed_tvb, "Bit-swapped H.223 frame" );
 

diff --git a/epan/dissectors/packet-h264.c b/epan/dissectors/packet-h264.c
@@ -38,7 +38,7 @@
 #include <epan/strutil.h>
 #include <epan/expert.h>
 #include <epan/prefs.h>
-
+#include <epan/wmem/wmem.h>
 
 /* Initialize the protocol and registered fields */
 static int proto_h264                                      = -1;
@@ -400,7 +400,7 @@ dissect_h264_exp_golomb_code(proto_tree *tree, int hf_index, tvbuff_t *tvb, gint
     bit_offset = *start_bit_offset;
 
     /* prepare the string */
-    str = (char *)ep_alloc(256);
+    str = (char *)wmem_alloc(wmem_packet_scope(), 256);
     str[0] = '\0';
     for (bit=0; bit<((int)(bit_offset&0x07)); bit++) {
         if (bit && (!(bit%4))) {
@@ -1064,7 +1064,7 @@ dissect_h265_unescap_nal_unit(tvbuff_t *tvb, packet_info *pinfo, int offset)
     int       i;
     gchar    *buff;
 
-    buff = (gchar *)g_malloc(length);
+    buff = (gchar *)wmem_alloc(pinfo->pool, length);
     for (i = 0; i < length; i++) {
         if ((i + 2 < length) && (tvb_get_ntoh24(tvb, offset) == 0x000003)) {
             buff[NumBytesInRBSP++] = tvb_get_guint8(tvb, offset);
@@ -1078,7 +1078,6 @@ dissect_h265_unescap_nal_unit(tvbuff_t *tvb, packet_info *pinfo, int offset)
     }
 
     tvb_rbsp = tvb_new_child_real_data(tvb, buff, NumBytesInRBSP, NumBytesInRBSP);
-    tvb_set_free_cb(tvb_rbsp, g_free);
     add_new_data_source(pinfo, tvb_rbsp, "Unescaped RSP Data");
 
     return tvb_rbsp;

diff --git a/epan/dissectors/packet-http.c b/epan/dissectors/packet-http.c
@@ -1794,7 +1794,7 @@ chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo,
 
         /* Dechunk the "chunked response" to a new memory buffer */
 	orig_datalen      = datalen;
-	raw_data	      = (guint8 *)g_malloc(datalen);
+	raw_data	      = (guint8 *)wmem_alloc(pinfo->pool, datalen);
 	raw_len		      = 0;
 	chunks_decoded	  = 0;
 	chunked_data_size = 0;
@@ -1894,14 +1894,12 @@ chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo,
 	if (chunked_data_size > 0) {
 		tvbuff_t *new_tvb;
 		new_tvb = tvb_new_child_real_data(tvb, raw_data, chunked_data_size, chunked_data_size);
-		tvb_set_free_cb(new_tvb, g_free);
 		*tvb_ptr = new_tvb;
 	} else {
 		/*
 		 * There was no actual chunk data, so don't allow sub dissectors
 		 * try to decode the non-existent entity body.
 		 */
-		g_free(raw_data);
 		chunks_decoded = -1;
 	}
 

diff --git a/epan/dissectors/packet-iscsi.c b/epan/dissectors/packet-iscsi.c
@@ -45,6 +45,7 @@
 #include <epan/conversation.h>
 #include "packet-scsi.h"
 #include <epan/emem.h>
+#include <epan/wmem/wmem.h>
 #include <epan/range.h>
 #include <wsutil/crc32.h>
 
@@ -1592,7 +1593,7 @@ dissect_iscsi_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint off
             /* We have a variable length CDB where bytes >16 is transported
              * in the AHS.
              */
-            cdb_buf=(guint8 *)g_malloc(16+ahs_cdb_length);
+            cdb_buf=(guint8 *)wmem_alloc(pinfo->pool, 16+ahs_cdb_length);
             /* the 16 first bytes of the cdb */
             tvb_memcpy(tvb, cdb_buf, cdb_offset, 16);
             /* the remainder of the cdb from the ahs */
@@ -1601,7 +1602,6 @@ dissect_iscsi_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint off
             cdb_tvb = tvb_new_child_real_data(tvb, cdb_buf,
                                               ahs_cdb_length+16,
                                               ahs_cdb_length+16);
-            tvb_set_free_cb(cdb_tvb, g_free);
 
             add_new_data_source(pinfo, cdb_tvb, "CDB+AHS");
         } else {