Hi Stefan, Stefan Lesicnik wrote:
> I am busy patching these CVE's in Ubuntu and will forward the relevant > patches to Debian once done. For the record I wrote that last week (and got too busy again just afterwards): Thanks; I had a quick look at them [the subversion revisions] and they apply cleanly onto 1.0.2, except for the changes to packet-usb.c, where trailing whitespace is touched, but those changes are easy enough to remove (cleaned patch attached; note it only has the changes related to packet-usb.c, while the commit also touches packet-btrfcomm.c). You will find the modified patch to packet-usb.c attached. Frederic
--- trunk/epan/dissectors/packet-usb.c 2008/10/02 04:45:56 26332
+++ trunk/epan/dissectors/packet-usb.c 2008/10/02 04:55:51 26333
@@ -523,10 +523,9 @@
 usb_conv_info = conversation_get_proto_data(conversation, proto_usb);
 if(!usb_conv_info){
 /* no not yet so create some */
- usb_conv_info = se_alloc(sizeof(usb_conv_info_t));
+ usb_conv_info = se_alloc0(sizeof(usb_conv_info_t));
 usb_conv_info->interfaceClass=IF_CLASS_UNKNOWN;
 usb_conv_info->transactions=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "usb transactions");
- usb_conv_info->class_data=NULL;
 conversation_add_proto_data(conversation, proto_usb, usb_conv_info);
 }
@@ -785,10 +784,9 @@
 /* save the class so we can access it later in the endpoint descriptor */
 usb_conv_info->interfaceClass=tvb_get_guint8(tvb, offset);
 if(!pinfo->fd->flags.visited){
- usb_trans_info->interface_info=se_alloc(sizeof(usb_conv_info_t));
+ usb_trans_info->interface_info=se_alloc0(sizeof(usb_conv_info_t));
 usb_trans_info->interface_info->interfaceClass=tvb_get_guint8(tvb, offset);
 usb_trans_info->interface_info->transactions=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "usb transactions");
- usb_trans_info->interface_info->class_data=NULL;
 }
 offset++;
@@ -1393,12 +1391,9 @@
 /* this is a request */
 usb_trans_info=se_tree_lookup32(usb_conv_info->transactions, pinfo->fd->num);
 if(!usb_trans_info){
- usb_trans_info=se_alloc(sizeof(usb_trans_info_t));
+ usb_trans_info=se_alloc0(sizeof(usb_trans_info_t));
 usb_trans_info->request_in=pinfo->fd->num;
- usb_trans_info->response_in=0;
 usb_trans_info->req_time=pinfo->fd->abs_ts;
- usb_trans_info->requesttype=0;
- usb_trans_info->request=0;
 se_tree_insert32(usb_conv_info->transactions, pinfo->fd->num, usb_trans_info);
 }
 usb_conv_info->usb_trans_info=usb_trans_info;
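Review bot: Nothing at the allocation in the first hunk (@@ -523) records that `class_data`, and every other field not assigned right after it, now depends on `se_alloc0` zero-filling the struct. With the explicit `=NULL` line removed, a later switch back to `se_alloc` or a newly added struct member would silently reintroduce a read of uninitialised session memory while dissecting capture data. I would add a one-line comment above the call, e.g. `/* se_alloc0: fields not set below (class_data, ...) must start out zero/NULL */`. The same comment is worth repeating at the allocations in the @@ -785 and @@ -1393 hunks, where `response_in`, `requesttype` and `request` lose their explicit initialisers. The enclosing functions start and end outside all three hunks, so other allocation sites of these two struct types could not be checked from here.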
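Review bot: In the second hunk (@@ -785) the class byte is fetched twice with `tvb_get_guint8(tvb, offset)`, once into `usb_conv_info->interfaceClass` and again for the freshly allocated `interface_info`. Copying the value already stored makes it obvious that both records hold the same byte and avoids a second buffer access: `usb_trans_info->interface_info->interfaceClass=usb_conv_info->interfaceClass;`. Separately, `usb_trans_info` is dereferenced here with no NULL check visible in the hunk; the function body begins outside it, so this may already be guaranteed by the caller, but it is worth confirming since the zero-fill only protects the new struct and not the pointer it is stored through.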