
wireshark security update for Wheezy LTS



Hi,

I have prepared an update for wireshark in Wheezy.

Please see the attached diff against the previous version. A practically
identical changeset has already been accepted into jessie-security.

Changes:
 wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u4) wheezy-security; urgency=medium
 .
   * security fixes from Wireshark 2.0.6:
     - The H.225 dissector could crash (CVE-2016-7176)
     - The Catapult DCT2000 dissector could crash (CVE-2016-7177)
     - The UMTS FP dissector could crash (CVE-2016-7178)
     - The Catapult DCT2000  dissector could crash (CVE-2016-7179)
     - The IPMI trace dissector could crash (CVE-2016-7180)

I plan to upload the package tomorrow around noon UTC.

Cheers,
Balint


diff -Nru wireshark-1.12.1+g01b65bf/debian/changelog wireshark-1.12.1+g01b65bf/debian/changelog
--- wireshark-1.12.1+g01b65bf/debian/changelog	2016-08-14 16:20:37.000000000 +0200
+++ wireshark-1.12.1+g01b65bf/debian/changelog	2016-09-20 18:05:25.000000000 +0200
@@ -1,3 +1,14 @@
+wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u4) wheezy-security; urgency=medium
+
+  * security fixes from Wireshark 2.0.6:
+    - The H.225 dissector could crash (CVE-2016-7176)
+    - The Catapult DCT2000 dissector could crash (CVE-2016-7177)
+    - The UMTS FP dissector could crash (CVE-2016-7178)
+    - The Catapult DCT2000  dissector could crash (CVE-2016-7179)
+    - The IPMI trace dissector could crash (CVE-2016-7180)
+
+ -- Balint Reczey <balint@balintreczey.hu>  Tue, 20 Sep 2016 18:05:16 +0200
+
 wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u3) wheezy-security; urgency=medium
 
   * security fixes from Wireshark 1.12.13:
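Review bot: the two Catapult DCT2000 entries in the new changelog stanza (CVE-2016-7177 and CVE-2016-7179) have identical wording, so a reader cannot tell which defect each CVE covers, and the second has a doubled space after "DCT2000". Suggest giving each entry a distinguishing phrase or naming the patch file that closes it. The stanza also says the fixes come from Wireshark 2.0.6 while the package version is 1.12.1+g01b65bf, so adding "backported" to that line would make the origin clear.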
diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch wireshark-1.12.1+g01b65bf/debian/patches/127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch
--- wireshark-1.12.1+g01b65bf/debian/patches/127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch	1970-01-01 01:00:00.000000000 +0100
+++ wireshark-1.12.1+g01b65bf/debian/patches/127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch	2016-09-20 18:04:38.000000000 +0200
@@ -0,0 +1,695 @@
+From 8b20fac0cdcbeb0266caf5307600e1e1f4912b99 Mon Sep 17 00:00:00 2001
+From: Guy Harris <guy@alum.mit.edu>
+Date: Tue, 2 Aug 2016 20:39:34 -0700
+Subject: [PATCH 127/131] Don't snprintf() into a string with one of the
+ arguments being the same string.
+
+That doesn't work - you could be writing into the string from which
+you're reading.
+
+Conflicts:
+	asn1/h225/h225.cnf
+	epan/dissectors/packet-h225.c
+
+Bug: 12700
+
+Change-Id: I2fc6416e0613791dcd37ef70dbf00aae159008de
+Reviewed-on: https://code.wireshark.org/review/16852
+Reviewed-by: Guy Harris <guy@alum.mit.edu>
+Reviewed-on: https://code.wireshark.org/review/17800
+Reviewed-by: Balint Reczey <balint@balintreczey.hu>
+---
+ asn1/h225/h225.cnf            |  58 +++++++++------
+ epan/dissectors/packet-h225.c | 168 +++++++++++++++++++++++-------------------
+ 2 files changed, 127 insertions(+), 99 deletions(-)
+
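Review bot: the "Conflicts:" block in the commit message names asn1/h225/h225.cnf and epan/dissectors/packet-h225.c, the only two files in the diffstat, but does not say how the conflicts were resolved. For a backported security fix, replace it with a sentence describing what had to differ from the changes referenced in the Reviewed-on lines, or drop it if the resolution was purely contextual, so reviewers know what to compare against.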
+diff --git a/asn1/h225/h225.cnf b/asn1/h225/h225.cnf
+index 2bece14..a6ad36b 100644
+--- a/asn1/h225/h225.cnf
++++ b/asn1/h225/h225.cnf
+@@ -274,8 +274,12 @@ IsupNumber/nationalStandardPartyNumber isupNationalStandardPartyNumber
+ 		dissect_h245_FastStart_OLC(value_tvb, %(ACTX)s->pinfo, tree, codec_str);
+ 	}
+ 
+-    /* Add to packet info */
+-    g_snprintf(h225_pi->frame_label, 50, "%%s %%s", h225_pi->frame_label, codec_str);
++  /* Add to packet info */
++  {
++    char temp[50];
++    g_snprintf(temp, 50, "%%s %%s", h225_pi->frame_label, codec_str);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  }
+ 
+ 	contains_faststart = TRUE;
+ 	h225_pi->is_faststart = TRUE;
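Review bot: the block added under "Add to packet info" repeats the literal 50 three times (the declaration of temp, the g_snprintf bound and the g_strlcpy bound), so it is only correct while all three and the size of h225_pi->frame_label are edited together. Suggest a named constant for the label size, or at least sizeof(temp) in the g_snprintf call. The inserted lines are also indented with spaces while the context lines on both sides of them use tabs.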
+@@ -362,10 +366,12 @@ IsupNumber/nationalStandardPartyNumber isupNationalStandardPartyNumber
+ #.FN_FTR Progress-UUIE
+   /* Add to packet info */
+   h225_pi->cs_type = H225_PROGRESS;
+-  if (contains_faststart == TRUE )
+-        g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-        g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ #.END
+ #----------------------------------------------------------------------------------------
+ #.FN_FTR SetupAcknowledge-UUIE
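Review bot: in the Progress-UUIE footer the if branch gains braces but the else branch stays a bare statement after "} else", which is easy to misread and easy to break when a second statement is added to it later. Suggest bracing both branches.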
+@@ -389,28 +395,34 @@ IsupNumber/nationalStandardPartyNumber isupNationalStandardPartyNumber
+ #.FN_FTR Setup-UUIE
+   /* Add to packet info */
+   h225_pi->cs_type = H225_SETUP;
+-  if (contains_faststart == TRUE )
+-      g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-      g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ #.END
+ #----------------------------------------------------------------------------------------
+ #.FN_FTR CallProceeding-UUIE
+   /* Add to packet info */
+   h225_pi->cs_type = H225_CALL_PROCEDING;
+-  if (contains_faststart == TRUE )
+-        g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-        g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ #.END
+ #----------------------------------------------------------------------------------------
+ #.FN_FTR Alerting-UUIE
+   /* Add to packet info */
+   h225_pi->cs_type = H225_ALERTING;
+-  if (contains_faststart == TRUE )
+-       g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-       g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ #.END
+ #----------------------------------------------------------------------------------------
+ #.FN_FTR ReleaseComplete-UUIE
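Review bot: the same temp / g_snprintf / g_strlcpy block appears three times in this hunk (Setup-UUIE, CallProceeding-UUIE, Alerting-UUIE) and again in the Progress-UUIE and Connect-UUIE footers, differing only in the cs_type assigned just before it. Suggest a small static helper that builds the "%s OLC (%s)" label through a temporary, so the no-aliasing rule lives in one place and a later edit cannot reintroduce the self-referencing g_snprintf in a single copy.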
+@@ -422,10 +434,12 @@ IsupNumber/nationalStandardPartyNumber isupNationalStandardPartyNumber
+ #.FN_FTR Connect-UUIE
+   /* Add to packet info */
+   h225_pi->cs_type = H225_CONNECT;
+-  if (contains_faststart == TRUE )
+-      g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-      g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ #.END
+ #----------------------------------------------------------------------------------------
+ #.FN_HDR H245TransportAddress
+diff --git a/epan/dissectors/packet-h225.c b/epan/dissectors/packet-h225.c
+index ae708fd..07bbace 100644
+--- a/epan/dissectors/packet-h225.c
++++ b/epan/dissectors/packet-h225.c
+@@ -1182,7 +1182,7 @@ dissect_h225_ProtocolIdentifier(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *a
+ 
+ static int
+ dissect_h225_T_h245Ip(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 322 "../../asn1/h225/h225.cnf"
++#line 326 "../../asn1/h225/h225.cnf"
+   tvbuff_t *value_tvb;
+ 
+   ipv4_address = 0;
+@@ -1422,7 +1422,7 @@ static const per_sequence_t H221NonStandard_sequence[] = {
+ 
+ static int
+ dissect_h225_H221NonStandard(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 610 "../../asn1/h225/h225.cnf"
++#line 624 "../../asn1/h225/h225.cnf"
+   t35CountryCode = 0;
+   t35Extension = 0;
+   manufacturerCode = 0;
+@@ -1430,7 +1430,7 @@ dissect_h225_H221NonStandard(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_H221NonStandard, H221NonStandard_sequence);
+ 
+-#line 614 "../../asn1/h225/h225.cnf"
++#line 628 "../../asn1/h225/h225.cnf"
+   h221NonStandard = ((t35CountryCode * 256) + t35Extension) * 65536 + manufacturerCode;
+   proto_tree_add_uint(tree, hf_h221Manufacturer, tvb, (offset>>3)-4, 4, h221NonStandard);
+ 
+@@ -1452,7 +1452,7 @@ static const per_choice_t NonStandardIdentifier_choice[] = {
+ 
+ static int
+ dissect_h225_NonStandardIdentifier(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 591 "../../asn1/h225/h225.cnf"
++#line 605 "../../asn1/h225/h225.cnf"
+ 	gint32 value;
+ 
+ 	nsiOID = "";
+@@ -1481,7 +1481,7 @@ dissect_h225_NonStandardIdentifier(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t
+ 
+ static int
+ dissect_h225_T_nsp_data(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 625 "../../asn1/h225/h225.cnf"
++#line 639 "../../asn1/h225/h225.cnf"
+   tvbuff_t *next_tvb = NULL;
+ 
+   offset = dissect_per_octet_string(tvb, offset, actx, tree, hf_index,
+@@ -1504,7 +1504,7 @@ static const per_sequence_t NonStandardParameter_sequence[] = {
+ 
+ int
+ dissect_h225_NonStandardParameter(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 623 "../../asn1/h225/h225.cnf"
++#line 637 "../../asn1/h225/h225.cnf"
+   nsp_handle = NULL;
+ 
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+@@ -1538,7 +1538,7 @@ static const per_choice_t H245TransportAddress_choice[] = {
+ 
+ static int
+ dissect_h225_H245TransportAddress(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 432 "../../asn1/h225/h225.cnf"
++#line 446 "../../asn1/h225/h225.cnf"
+ 	ipv4_address=0;
+ 	ipv4_port=0;
+ 
+@@ -1547,7 +1547,7 @@ dissect_h225_H245TransportAddress(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t
+                                  ett_h225_H245TransportAddress, H245TransportAddress_choice,
+                                  NULL);
+ 
+-#line 438 "../../asn1/h225/h225.cnf"
++#line 452 "../../asn1/h225/h225.cnf"
+ 	/* we need this info for TAPing */
+ 	h225_pi->is_h245 = TRUE;
+ 	h225_pi->h245_address = ipv4_address;
+@@ -1574,7 +1574,7 @@ dissect_h225_H245TransportAddress(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t
+ 
+ static int
+ dissect_h225_DialedDigits(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 304 "../../asn1/h225/h225.cnf"
++#line 308 "../../asn1/h225/h225.cnf"
+   tvbuff_t *value_tvb = NULL;
+   guint len = 0;
+ 
+@@ -1891,7 +1891,7 @@ dissect_h225_PartyNumber(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_
+ 
+ static int
+ dissect_h225_TBCD_STRING(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 717 "../../asn1/h225/h225.cnf"
++#line 731 "../../asn1/h225/h225.cnf"
+   int min_len, max_len;
+   gboolean has_extension;
+ 
+@@ -2690,13 +2690,13 @@ static const per_sequence_t TunnelledProtocol_sequence[] = {
+ 
+ int
+ dissect_h225_TunnelledProtocol(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 568 "../../asn1/h225/h225.cnf"
++#line 582 "../../asn1/h225/h225.cnf"
+   tpOID = "";
+ 
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_TunnelledProtocol, TunnelledProtocol_sequence);
+ 
+-#line 570 "../../asn1/h225/h225.cnf"
++#line 584 "../../asn1/h225/h225.cnf"
+   tp_handle = dissector_get_string_handle(tp_dissector_table, tpOID);
+ 
+   return offset;
+@@ -2874,7 +2874,7 @@ dissect_h225_CallType(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, p
+ 
+ static int
+ dissect_h225_T_guid(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 542 "../../asn1/h225/h225.cnf"
++#line 556 "../../asn1/h225/h225.cnf"
+   tvbuff_t *guid_tvb = NULL;
+ 
+   actx->value_ptr = &guid_tvb;
+@@ -3100,8 +3100,12 @@ dissect_h225_FastStart_item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx
+ 		dissect_h245_FastStart_OLC(value_tvb, actx->pinfo, tree, codec_str);
+ 	}
+ 
+-    /* Add to packet info */
+-    g_snprintf(h225_pi->frame_label, 50, "%s %s", h225_pi->frame_label, codec_str);
++  /* Add to packet info */
++  {
++    char temp[50];
++    g_snprintf(temp, 50, "%s %s", h225_pi->frame_label, codec_str);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  }
+ 
+ 	contains_faststart = TRUE;
+ 	h225_pi->is_faststart = TRUE;
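Review bot: please confirm that the block added to dissect_h225_FastStart_item comes from regenerating packet-h225.c rather than from a hand edit, since it duplicates the h225.cnf hunk at line 274 and the #line directives in this file point back to ../../asn1/h225/h225.cnf. The shifted #line numbers in the other hunks of this file are consistent with the lines inserted into the .cnf, and saying in the patch header that the .c was regenerated would save reviewers from checking both copies line by line.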
+@@ -3677,7 +3681,7 @@ dissect_h225_CircuitIdentifier(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *ac
+ 
+ static int
+ dissect_h225_T_standard(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 681 "../../asn1/h225/h225.cnf"
++#line 695 "../../asn1/h225/h225.cnf"
+   guint32 value_int = (guint32)-1;
+   gef_ctx_t *gefx;
+ 
+@@ -3695,7 +3699,7 @@ dissect_h225_T_standard(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_,
+ 
+ static int
+ dissect_h225_T_oid(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 690 "../../asn1/h225/h225.cnf"
++#line 704 "../../asn1/h225/h225.cnf"
+   const gchar *oid_str = NULL;
+   gef_ctx_t *gefx;
+ 
+@@ -3725,14 +3729,14 @@ static const per_choice_t GenericIdentifier_choice[] = {
+ 
+ int
+ dissect_h225_GenericIdentifier(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 668 "../../asn1/h225/h225.cnf"
++#line 682 "../../asn1/h225/h225.cnf"
+   gef_ctx_t *gefx;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+                                  ett_h225_GenericIdentifier, GenericIdentifier_choice,
+                                  NULL);
+ 
+-#line 670 "../../asn1/h225/h225.cnf"
++#line 684 "../../asn1/h225/h225.cnf"
+   gef_ctx_update_key(gef_ctx_get(actx->private_data));
+   /* DEBUG */ /*proto_tree_add_text(tree, tvb, offset>>3, 0, "*** DEBUG GenericIdentifier: %s", gef_ctx_get(actx->private_data)->key);*/
+   gefx = gef_ctx_get(actx->private_data);
+@@ -3749,7 +3753,7 @@ dissect_h225_GenericIdentifier(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *ac
+ 
+ static int
+ dissect_h225_T_raw(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 700 "../../asn1/h225/h225.cnf"
++#line 714 "../../asn1/h225/h225.cnf"
+   tvbuff_t *value_tvb;
+   gef_ctx_t *gefx;
+ 
+@@ -3865,7 +3869,7 @@ static const per_sequence_t EnumeratedParameter_sequence[] = {
+ 
+ static int
+ dissect_h225_EnumeratedParameter(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 650 "../../asn1/h225/h225.cnf"
++#line 664 "../../asn1/h225/h225.cnf"
+   gef_ctx_t *parent_gefx;
+ 
+   parent_gefx = gef_ctx_get(actx->private_data);
+@@ -3874,7 +3878,7 @@ dissect_h225_EnumeratedParameter(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_EnumeratedParameter, EnumeratedParameter_sequence);
+ 
+-#line 655 "../../asn1/h225/h225.cnf"
++#line 669 "../../asn1/h225/h225.cnf"
+   actx->private_data = parent_gefx;
+ 
+   return offset;
+@@ -3889,7 +3893,7 @@ static const per_sequence_t GenericData_sequence[] = {
+ 
+ int
+ dissect_h225_GenericData(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 636 "../../asn1/h225/h225.cnf"
++#line 650 "../../asn1/h225/h225.cnf"
+   void *priv_data = actx->private_data;
+   gef_ctx_t *gefx;
+ 
+@@ -3903,7 +3907,7 @@ dissect_h225_GenericData(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_GenericData, GenericData_sequence);
+ 
+-#line 646 "../../asn1/h225/h225.cnf"
++#line 660 "../../asn1/h225/h225.cnf"
+   actx->private_data = priv_data;
+ 
+   return offset;
+@@ -3942,13 +3946,13 @@ dissect_h225_CircuitInfo(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_
+ 
+ static int
+ dissect_h225_FeatureDescriptor(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 660 "../../asn1/h225/h225.cnf"
++#line 674 "../../asn1/h225/h225.cnf"
+   void *priv_data = actx->private_data;
+   actx->private_data = gef_ctx_alloc(NULL, "FeatureDescriptor");
+ 
+   offset = dissect_h225_GenericData(tvb, offset, actx, tree, hf_index);
+ 
+-#line 663 "../../asn1/h225/h225.cnf"
++#line 677 "../../asn1/h225/h225.cnf"
+   actx->private_data = priv_data;
+ 
+   return offset;
+@@ -3971,7 +3975,7 @@ dissect_h225_SEQUENCE_OF_FeatureDescriptor(tvbuff_t *tvb _U_, int offset _U_, as
+ 
+ static int
+ dissect_h225_ParallelH245Control_item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 333 "../../asn1/h225/h225.cnf"
++#line 337 "../../asn1/h225/h225.cnf"
+ 	tvbuff_t *h245_tvb = NULL;
+ 
+   offset = dissect_per_octet_string(tvb, offset, actx, tree, hf_index,
+@@ -4121,19 +4125,21 @@ static const per_sequence_t Setup_UUIE_sequence[] = {
+ 
+ static int
+ dissect_h225_Setup_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 386 "../../asn1/h225/h225.cnf"
++#line 392 "../../asn1/h225/h225.cnf"
+   contains_faststart = FALSE;
+ 
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_Setup_UUIE, Setup_UUIE_sequence);
+ 
+-#line 390 "../../asn1/h225/h225.cnf"
++#line 396 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_SETUP;
+-  if (contains_faststart == TRUE )
+-      g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-      g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ 
+   return offset;
+ }
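Review bot: the condition in dissect_h225_Setup_UUIE changes from "contains_faststart == TRUE" to "contains_faststart", which is separate from the aliasing fix and is not mentioned in the commit message. The two forms agree only while the variable holds exactly TRUE or FALSE, as in the assignments visible in this patch, so the change looks safe, but it deserves a line in the message or its own commit. The same applies to the other UUIE functions that receive this edit.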
+@@ -4177,13 +4183,15 @@ dissect_h225_CallProceeding_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_CallProceeding_UUIE, CallProceeding_UUIE_sequence);
+ 
+-#line 399 "../../asn1/h225/h225.cnf"
++#line 407 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_CALL_PROCEDING;
+-  if (contains_faststart == TRUE )
+-        g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-        g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ 
+   return offset;
+ }
+@@ -4218,13 +4226,15 @@ dissect_h225_Connect_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_Connect_UUIE, Connect_UUIE_sequence);
+ 
+-#line 423 "../../asn1/h225/h225.cnf"
++#line 435 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_CONNECT;
+-  if (contains_faststart == TRUE )
+-      g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-      g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ 
+   return offset;
+ }
+@@ -4257,13 +4267,15 @@ dissect_h225_Alerting_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_Alerting_UUIE, Alerting_UUIE_sequence);
+ 
+-#line 408 "../../asn1/h225/h225.cnf"
++#line 418 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_ALERTING;
+-  if (contains_faststart == TRUE )
+-       g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-       g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ 
+   return offset;
+ }
+@@ -4285,7 +4297,7 @@ dissect_h225_Information_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *act
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_Information_UUIE, Information_UUIE_sequence);
+ 
+-#line 357 "../../asn1/h225/h225.cnf"
++#line 361 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_INFORMATION;
+   g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+@@ -4404,7 +4416,7 @@ static const per_choice_t ReleaseCompleteReason_choice[] = {
+ 
+ int
+ dissect_h225_ReleaseCompleteReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 535 "../../asn1/h225/h225.cnf"
++#line 549 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -4440,7 +4452,7 @@ dissect_h225_ReleaseComplete_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_ReleaseComplete_UUIE, ReleaseComplete_UUIE_sequence);
+ 
+-#line 417 "../../asn1/h225/h225.cnf"
++#line 429 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_RELEASE_COMPLET;
+   g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+@@ -4481,7 +4493,7 @@ static const per_choice_t FacilityReason_choice[] = {
+ 
+ static int
+ dissect_h225_FacilityReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 459 "../../asn1/h225/h225.cnf"
++#line 473 "../../asn1/h225/h225.cnf"
+ 	gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -4554,7 +4566,7 @@ dissect_h225_Facility_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_Facility_UUIE, Facility_UUIE_sequence);
+ 
+-#line 378 "../../asn1/h225/h225.cnf"
++#line 384 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_FACILITY;
+   g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+@@ -4583,13 +4595,15 @@ dissect_h225_Progress_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_Progress_UUIE, Progress_UUIE_sequence);
+ 
+-#line 363 "../../asn1/h225/h225.cnf"
++#line 367 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_PROGRESS;
+-  if (contains_faststart == TRUE )
+-        g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
+-  else
+-        g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
++  if (contains_faststart) {
++    char temp[50];
++    g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"), h225_pi->frame_label);
++    g_strlcpy(h225_pi->frame_label, temp, 50);
++  } else
++    g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+ 
+   return offset;
+ }
+@@ -4600,7 +4614,7 @@ static int
+ dissect_h225_T_empty_flg(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+   offset = dissect_per_null(tvb, offset, actx, tree, hf_index);
+ 
+-#line 347 "../../asn1/h225/h225.cnf"
++#line 351 "../../asn1/h225/h225.cnf"
+   h225_pi->cs_type = H225_EMPTY;
+ 
+   return offset;
+@@ -4620,7 +4634,7 @@ dissect_h225_Status_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_Status_UUIE, Status_UUIE_sequence);
+ 
+-#line 351 "../../asn1/h225/h225.cnf"
++#line 355 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_STATUS;
+   g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+@@ -4659,7 +4673,7 @@ dissect_h225_SetupAcknowledge_UUIE(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+                                    ett_h225_SetupAcknowledge_UUIE, SetupAcknowledge_UUIE_sequence);
+ 
+-#line 372 "../../asn1/h225/h225.cnf"
++#line 378 "../../asn1/h225/h225.cnf"
+   /* Add to packet info */
+   h225_pi->cs_type = H225_SETUP_ACK;
+   g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, "<unknown>"));
+@@ -4763,7 +4777,7 @@ dissect_h225_T_h323_message_body(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *
+ 
+ static int
+ dissect_h225_T_h4501SupplementaryService_item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 556 "../../asn1/h225/h225.cnf"
++#line 570 "../../asn1/h225/h225.cnf"
+ 	tvbuff_t *h4501_tvb = NULL;
+ 
+   offset = dissect_per_octet_string(tvb, offset, actx, tree, hf_index,
+@@ -4803,7 +4817,7 @@ dissect_h225_T_h245Tunnelling(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *act
+ 
+ static int
+ dissect_h225_H245Control_item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 340 "../../asn1/h225/h225.cnf"
++#line 344 "../../asn1/h225/h225.cnf"
+ 	tvbuff_t *h245_tvb = NULL;
+ 
+   offset = dissect_per_octet_string(tvb, offset, actx, tree, hf_index,
+@@ -4860,7 +4874,7 @@ dissect_h225_CallLinkage(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_
+ 
+ static int
+ dissect_h225_T_messageContent_item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 578 "../../asn1/h225/h225.cnf"
++#line 592 "../../asn1/h225/h225.cnf"
+   tvbuff_t *next_tvb = NULL;
+ 
+   offset = dissect_per_octet_string(tvb, offset, actx, tree, hf_index,
+@@ -4896,7 +4910,7 @@ static const per_sequence_t T_tunnelledSignallingMessage_sequence[] = {
+ 
+ static int
+ dissect_h225_T_tunnelledSignallingMessage(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 576 "../../asn1/h225/h225.cnf"
++#line 590 "../../asn1/h225/h225.cnf"
+   tp_handle = NULL;
+ 
+   offset = dissect_per_sequence(tvb, offset, actx, tree, hf_index,
+@@ -5744,7 +5758,7 @@ static const per_choice_t GatekeeperRejectReason_choice[] = {
+ 
+ static int
+ dissect_h225_GatekeeperRejectReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 466 "../../asn1/h225/h225.cnf"
++#line 480 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -6046,7 +6060,7 @@ static const per_choice_t RegistrationRejectReason_choice[] = {
+ 
+ static int
+ dissect_h225_RegistrationRejectReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 521 "../../asn1/h225/h225.cnf"
++#line 535 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -6109,7 +6123,7 @@ static const per_choice_t UnregRequestReason_choice[] = {
+ 
+ static int
+ dissect_h225_UnregRequestReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 473 "../../asn1/h225/h225.cnf"
++#line 487 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -6194,7 +6208,7 @@ static const per_choice_t UnregRejectReason_choice[] = {
+ 
+ static int
+ dissect_h225_UnregRejectReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 480 "../../asn1/h225/h225.cnf"
++#line 494 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -6254,7 +6268,7 @@ dissect_h225_CallModel(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_,
+ 
+ static int
+ dissect_h225_DestinationInfo_item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 299 "../../asn1/h225/h225.cnf"
++#line 303 "../../asn1/h225/h225.cnf"
+ 
+   h225_pi->is_destinationInfo = TRUE;
+ 
+@@ -6462,7 +6476,7 @@ static const per_choice_t AdmissionRejectReason_choice[] = {
+ 
+ static int
+ dissect_h225_AdmissionRejectReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 507 "../../asn1/h225/h225.cnf"
++#line 521 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -6594,7 +6608,7 @@ static const per_choice_t BandRejectReason_choice[] = {
+ 
+ static int
+ dissect_h225_BandRejectReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 487 "../../asn1/h225/h225.cnf"
++#line 501 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -6646,7 +6660,7 @@ static const per_choice_t DisengageReason_choice[] = {
+ 
+ static int
+ dissect_h225_DisengageReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 494 "../../asn1/h225/h225.cnf"
++#line 508 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -6733,7 +6747,7 @@ static const per_choice_t DisengageRejectReason_choice[] = {
+ 
+ static int
+ dissect_h225_DisengageRejectReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 500 "../../asn1/h225/h225.cnf"
++#line 514 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -6879,7 +6893,7 @@ static const per_choice_t LocationRejectReason_choice[] = {
+ 
+ static int
+ dissect_h225_LocationRejectReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 514 "../../asn1/h225/h225.cnf"
++#line 528 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -7250,7 +7264,7 @@ static const per_choice_t InfoRequestNakReason_choice[] = {
+ 
+ static int
+ dissect_h225_InfoRequestNakReason(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 528 "../../asn1/h225/h225.cnf"
++#line 542 "../../asn1/h225/h225.cnf"
+   gint32 value;
+ 
+   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
+@@ -7461,7 +7475,7 @@ static const per_choice_t RasMessage_choice[] = {
+ 
+ int
+ dissect_h225_RasMessage(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+-#line 285 "../../asn1/h225/h225.cnf"
++#line 289 "../../asn1/h225/h225.cnf"
+   	gint32 rasmessage_value;
+ 
+ 	call_id_guid = NULL;
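Review bot: The `#line` directives in these packet-h225.c hunks do not all move by the same amount: most shift by 14 (576 to 590, 466 to 480, 521 to 535), while dissect_h225_DestinationInfo_item (299 to 303) and dissect_h225_RasMessage (285 to 289) shift by 4. That is consistent with two separate insertions in h225.cnf, but it is worth confirming that this generated file was produced by re-running the generator on the patched h225.cnf rather than edited by hand, so that debugger line references and future regenerations stay in step with the .cnf source.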
+-- 
+2.1.4
+
diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/128_2.0.6_DCT2000-fix-a-buffer-overflow-in-case-of-malformed-p.patch wireshark-1.12.1+g01b65bf/debian/patches/128_2.0.6_DCT2000-fix-a-buffer-overflow-in-case-of-malformed-p.patch
--- wireshark-1.12.1+g01b65bf/debian/patches/128_2.0.6_DCT2000-fix-a-buffer-overflow-in-case-of-malformed-p.patch	1970-01-01 01:00:00.000000000 +0100
+++ wireshark-1.12.1+g01b65bf/debian/patches/128_2.0.6_DCT2000-fix-a-buffer-overflow-in-case-of-malformed-p.patch	2016-09-20 18:04:38.000000000 +0200
@@ -0,0 +1,39 @@
+From f6cd7ea19c4e29f34d15f9650db07a02f7b13f2c Mon Sep 17 00:00:00 2001
+From: Pascal Quantin <pascal.quantin@gmail.com>
+Date: Tue, 16 Aug 2016 23:52:03 +0200
+Subject: [PATCH 128/131] DCT2000: fix a buffer overflow in case of malformed
+ packet
+
+Bug: 12750
+Change-Id: Iff20efa46e000ab4ae77b2edbcb0b9af4634508c
+Reviewed-on: https://code.wireshark.org/review/17096
+Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
+Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
+Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
+Reviewed-by: Anders Broman <a.broman58@gmail.com>
+(cherry picked from commit 2e37b271c473e1cbd01d62ebe1f3b011fc9fe638)
+Reviewed-on: https://code.wireshark.org/review/17106
+(cherry picked from commit 2024fd0427a372e6e1d05f980d05430ef9c8c187)
+Reviewed-on: https://code.wireshark.org/review/17798
+Reviewed-by: Balint Reczey <balint@balintreczey.hu>
+---
+ epan/dissectors/packet-catapult-dct2000.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/epan/dissectors/packet-catapult-dct2000.c b/epan/dissectors/packet-catapult-dct2000.c
+index 2fa25b7..4cef69c 100644
+--- a/epan/dissectors/packet-catapult-dct2000.c
++++ b/epan/dissectors/packet-catapult-dct2000.c
+@@ -1587,6 +1587,9 @@ static void attach_fp_info(packet_info *pinfo, gboolean received, const char *pr
+ 
+     /* Number of channels (for coordinated channels) */
+     p_fp_info->num_chans = outhdr_values[i++];
++    if (p_fp_info->num_chans > MAX_FP_CHANS) {
++        p_fp_info->num_chans = MAX_FP_CHANS;
++    }
+ 
+     /* EDCH-Common is always T2 */
+     if (p_fp_info->channel == CHANNEL_EDCH_COMMON) {
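Review bot: The clamp at `p_fp_info->num_chans > MAX_FP_CHANS` silently rewrites a malformed value, so the user sees a normal-looking dissection of a record whose channel count was out of range. Consider flagging the frame (expert info or a malformed-packet indication) when the clamp triggers. Two things to confirm from the surrounding code, which this hunk does not show: that num_chans is unsigned (a negative value would pass a `>` test), and that the later reads driven by num_chans cannot advance `i` past the number of values actually parsed into outhdr_values, since `outhdr_values[i++]` is read here without a visible count check.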
+-- 
+2.1.4
+
diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/129_2.0.6_FP-ensure-that-mac-and-rlc-structures-are-always-all.patch wireshark-1.12.1+g01b65bf/debian/patches/129_2.0.6_FP-ensure-that-mac-and-rlc-structures-are-always-all.patch
--- wireshark-1.12.1+g01b65bf/debian/patches/129_2.0.6_FP-ensure-that-mac-and-rlc-structures-are-always-all.patch	1970-01-01 01:00:00.000000000 +0100
+++ wireshark-1.12.1+g01b65bf/debian/patches/129_2.0.6_FP-ensure-that-mac-and-rlc-structures-are-always-all.patch	2016-09-20 18:04:38.000000000 +0200
@@ -0,0 +1,108 @@
+From 8e3411505ad2a420d7ef96eb52f2b1c02b0c4380 Mon Sep 17 00:00:00 2001
+From: Pascal Quantin <pascal.quantin@gmail.com>
+Date: Tue, 16 Aug 2016 23:11:12 +0200
+Subject: [PATCH 129/131] FP: ensure that mac and rlc structures are always
+ allocated
+
+Rather han checking everywhere that the RLC and MAC info are present in pinfo,
+allocate a temporary structure that will be dropped once packet dissection is
+over.
+
+Conflicts:
+	epan/dissectors/packet-umts_fp.c
+
+Bug: 12751
+Change-Id: I890430dd0c0b56d641777c15eedbf07fef082904
+Reviewed-on: https://code.wireshark.org/review/17094
+Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
+Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
+Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
+(cherry picked from commit 315bba7c645b75af24215c6303d187b188610bba)
+Reviewed-on: https://code.wireshark.org/review/17102
+Reviewed-on: https://code.wireshark.org/review/17801
+Reviewed-by: Balint Reczey <balint@balintreczey.hu>
+---
+ epan/dissectors/packet-umts_fp.c | 29 ++++++++++++++++++++++++++---
+ 1 file changed, 26 insertions(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-umts_fp.c b/epan/dissectors/packet-umts_fp.c
+index ca9a346..b9461be 100644
+--- a/epan/dissectors/packet-umts_fp.c
++++ b/epan/dissectors/packet-umts_fp.c
+@@ -2675,9 +2675,7 @@ dissect_e_dch_channel_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+                 ddi_ti = proto_tree_add_bits_ret_val(subframe_header_tree, hf_fp_edch_ddi, tvb,
+                                                      offset*8 + bit_offset, 6, &ddi, ENC_BIG_ENDIAN);
+ 
+-                if(rlcinf){
+-                    rlcinf->rbid[i] = (guint8)ddi;
+-                }
++                rlcinf->rbid[i] = (guint8)ddi;
+                 /********************************/
+                 /* Look up data in higher layers*/
+                 /* Look up the size from this DDI value */
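Review bot: Dropping the `if(rlcinf)` guard makes `rlcinf->rbid[i]` an unconditional dereference, and nothing in this hunk shows where rlcinf is guaranteed non-NULL inside dissect_e_dch_channel_info. If the guarantee comes from the caller (the fallback allocation added in dissect_fp later in this patch), say so in a comment or add a DISSECTOR_ASSERT(rlcinf) here so a future call path cannot reintroduce the NULL dereference. The index `i` into rbid[] is also not bounded in the visible lines and deserves a check against the array size.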
+@@ -2726,6 +2724,9 @@ dissect_e_dch_channel_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+             bit_offset = 0;
+ 
+             macinf = (umts_mac_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_umts_mac, 0);
++            if (!macinf) {
++                macinf = wmem_new0(wmem_packet_scope(), umts_mac_info);
++            }
+             /* Add subframe subtree */
+             subframe_ti = proto_tree_add_string_format(tree, hf_fp_edch_subframe, tvb, offset, 0,
+                                                        "", "Subframe %u data", subframes[n].subframe_number);
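Review bot: The new `wmem_new0(wmem_packet_scope(), umts_mac_info)` fallback sits next to code that indexes `subframes[n]`, so it appears to run once per subframe; when no MAC info is attached, every iteration repeats the p_get_proto_data lookup and allocates another zeroed struct. Hoisting the lookup and fallback above the loop would give one allocation per packet and keep any values written to macinf visible across subframes.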
+@@ -3115,7 +3116,13 @@ dissect_hsdsch_channel_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+         rlc_info *rlcinf;
+ 
+         rlcinf = (rlc_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_rlc, 0);
++        if (!rlcinf) {
++            rlcinf = wmem_new0(wmem_packet_scope(), rlc_info);
++        }
+         macinf = (umts_mac_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_umts_mac, 0);
++        if (!macinf) {
++            macinf = wmem_new0(wmem_packet_scope(), umts_mac_info);
++        }
+ 
+         /**************************************/
+         /* HS-DCH data here (type 1 in R7)    */
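Review bot: The same lookup-then-`wmem_new0` fallback for rlcinf and macinf is added here and again in dissect_hsdsch_type_2_channel_info and dissect_hsdsch_common_channel_info; a small static helper per struct would keep the three copies from drifting. The fallback struct is also zero-filled, so later code reads zeroed fields as if they were real configuration; a one-line comment stating that zeros are safe defaults, or an expert info noting that MAC/RLC info was missing, would make that intent explicit.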
+@@ -3317,7 +3324,14 @@ dissect_hsdsch_type_2_channel_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree
+         rlc_info *rlcinf;
+ 
+         rlcinf = (rlc_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_rlc, 0);
++        if (!rlcinf) {
++            rlcinf = wmem_new0(wmem_packet_scope(), rlc_info);
++        }
+         macinf = (umts_mac_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_umts_mac, 0);
++        if (!macinf) {
++            macinf = wmem_new0(wmem_packet_scope(), umts_mac_info);
++        }
++
+         /********************************/
+         /* HS-DCH type 2 data here      */
+ 
+@@ -3555,7 +3569,13 @@ void dissect_hsdsch_common_channel_info(tvbuff_t *tvb, packet_info *pinfo, proto
+         rlc_info *rlcinf;
+ 
+         rlcinf = (rlc_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_rlc, 0);
++        if (!rlcinf) {
++            rlcinf = wmem_new0(wmem_packet_scope(), rlc_info);
++        }
+         macinf = (umts_mac_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_umts_mac, 0);
++        if (!macinf) {
++            macinf = wmem_new0(wmem_packet_scope(), umts_mac_info);
++        }
+         /********************************/
+         /* HS-DCH type 2 data here      */
+ 
+@@ -4267,6 +4287,9 @@ dissect_fp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+     }
+ 
+     rlcinf = (rlc_info *)p_get_proto_data(wmem_file_scope(), pinfo, proto_rlc, 0);
++    if (!rlcinf) {
++        rlcinf = wmem_new0(wmem_packet_scope(), rlc_info);
++    }
+ 
+     /* Show release information */
+     if (preferences_show_release_info) {
+-- 
+2.1.4
+
diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/130_2.0.6_DCT2000-prevent-a-stack-buffer-overflow.patch wireshark-1.12.1+g01b65bf/debian/patches/130_2.0.6_DCT2000-prevent-a-stack-buffer-overflow.patch
--- wireshark-1.12.1+g01b65bf/debian/patches/130_2.0.6_DCT2000-prevent-a-stack-buffer-overflow.patch	1970-01-01 01:00:00.000000000 +0100
+++ wireshark-1.12.1+g01b65bf/debian/patches/130_2.0.6_DCT2000-prevent-a-stack-buffer-overflow.patch	2016-09-20 18:04:38.000000000 +0200
@@ -0,0 +1,40 @@
+From 0d1a93def0350cf0f16f9a28cdc2e854b814eb25 Mon Sep 17 00:00:00 2001
+From: Pascal Quantin <pascal.quantin@gmail.com>
+Date: Tue, 16 Aug 2016 23:40:25 +0200
+Subject: [PATCH 130/131] DCT2000: prevent a stack buffer overflow
+
+Conflicts:
+	epan/dissectors/packet-catapult-dct2000.c
+
+Bug: 12752
+Change-Id: I2007082909cea07314ac40d6db32ee9c2804ecdf
+Reviewed-on: https://code.wireshark.org/review/17095
+Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
+Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
+Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
+(cherry picked from commit 3b97fbddc23c065727b0147aab52a27c4aadffe7)
+Reviewed-on: https://code.wireshark.org/review/17104
+Reviewed-on: https://code.wireshark.org/review/17802
+Reviewed-by: Balint Reczey <balint@balintreczey.hu>
+---
+ epan/dissectors/packet-catapult-dct2000.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-catapult-dct2000.c b/epan/dissectors/packet-catapult-dct2000.c
+index 4cef69c..43149c6 100644
+--- a/epan/dissectors/packet-catapult-dct2000.c
++++ b/epan/dissectors/packet-catapult-dct2000.c
+@@ -1406,8 +1406,8 @@ static void parse_outhdr_string(const guchar *outhdr_string, gint outhdr_string_
+         guint   d;
+ 
+         /* Find digits */
+-        for ( ; n < outhdr_string_len; n++) {
+-            if (!isdigit(outhdr_string[n])) {
++        for ( ; (n < outhdr_string_len) && (number_digits < MAX_OUTHDR_VALUES); n++) {
++            if (!g_ascii_isdigit(outhdr_string[n])) {
+                 break;
+             }
+             else {
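Review bot: The added bound `number_digits < MAX_OUTHDR_VALUES` limits the number of digits in one number with a constant whose name describes the number of values, so the check is only correct if the digit buffer happens to have that size. Bounding against the digit buffer's own size (sizeof or a dedicated constant) would make the intent checkable. When the loop stops on the limit rather than on a non-digit, the remaining digits are left in the input, so the code after the loop should treat that case as malformed and stop parsing instead of reading them as the start of the next value. The switch to `g_ascii_isdigit` is a good locale-independent choice.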
+-- 
+2.1.4
+
diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/131_2.0.6_IPMI-do-not-use-col_set_str-with-non-const-strings.patch wireshark-1.12.1+g01b65bf/debian/patches/131_2.0.6_IPMI-do-not-use-col_set_str-with-non-const-strings.patch
--- wireshark-1.12.1+g01b65bf/debian/patches/131_2.0.6_IPMI-do-not-use-col_set_str-with-non-const-strings.patch	1970-01-01 01:00:00.000000000 +0100
+++ wireshark-1.12.1+g01b65bf/debian/patches/131_2.0.6_IPMI-do-not-use-col_set_str-with-non-const-strings.patch	2016-09-20 18:04:38.000000000 +0200
@@ -0,0 +1,34 @@
+From d3df7f15f5562a73c312f9dce6099f4a44811cc0 Mon Sep 17 00:00:00 2001
+From: Pascal Quantin <pascal.quantin@gmail.com>
+Date: Wed, 24 Aug 2016 08:10:27 +0200
+Subject: [PATCH 131/131] IPMI: do not use col_set_str with non const strings
+
+Bug: 12782
+Change-Id: Ia082ccf5355d7f8dd6073861c59c804fecc96266
+Reviewed-on: https://code.wireshark.org/review/17289
+Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
+(cherry picked from commit 5213496250aceff086404c568e3718ebc0060934)
+Reviewed-on: https://code.wireshark.org/review/17291
+(cherry picked from commit 26daf4ae99b0dfb1e544c8250f36d7a00fd58dac)
+Reviewed-on: https://code.wireshark.org/review/17799
+Reviewed-by: Balint Reczey <balint@balintreczey.hu>
+---
+ epan/dissectors/packet-ipmi-trace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-ipmi-trace.c b/epan/dissectors/packet-ipmi-trace.c
+index fa5dc03..4139579 100755
+--- a/epan/dissectors/packet-ipmi-trace.c
++++ b/epan/dissectors/packet-ipmi-trace.c
+@@ -303,7 +303,7 @@ dissect_ipmi_trace(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ 
+ 
+ 	col_add_fstr(pinfo->cinfo, COL_DEF_SRC, "Channel %d", chn_num);
+-	col_set_str(pinfo->cinfo, COL_PROTOCOL,
++	col_add_str(pinfo->cinfo, COL_PROTOCOL,
+ 			val_to_str(data_type, str_protocol_types,
+ 					"Reserved (0x%02x)"));
+ 
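Review bot: The commit message does not say why `col_set_str` is wrong here, and the reason is worth recording: col_set_str keeps the pointer it is given and is meant for constant strings, while val_to_str with the "Reserved (0x%02x)" format can return a temporary formatted buffer, so the column could later point at memory that is no longer valid. col_add_str copies the text, which is the right call. Suggest adding that explanation to the commit message or a short comment, and auditing other col_set_str calls whose argument comes from val_to_str.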
+-- 
+2.1.4
+
diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/series wireshark-1.12.1+g01b65bf/debian/patches/series
--- wireshark-1.12.1+g01b65bf/debian/patches/series	2016-08-12 20:29:06.000000000 +0200
+++ wireshark-1.12.1+g01b65bf/debian/patches/series	2016-09-20 18:04:38.000000000 +0200
@@ -117,3 +117,8 @@
 124_1.12.13_LDSS-check-if-a-conversation-already-exists-before-r.patch
 125_1.12.13_proto.c-add-bounds-check-to-proto_tree_add_text-_val.patch
 126_proto.c-do-not-perform-bound-checks-in-proto_tree_ad.patch
+127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch
+128_2.0.6_DCT2000-fix-a-buffer-overflow-in-case-of-malformed-p.patch
+129_2.0.6_FP-ensure-that-mac-and-rlc-structures-are-always-all.patch
+130_2.0.6_DCT2000-prevent-a-stack-buffer-overflow.patch
+131_2.0.6_IPMI-do-not-use-col_set_str-with-non-const-strings.patch

Attachment: signature.asc
Description: OpenPGP digital signature

