The recent length check added to proto_tree_add_string() revealed a

couple of problems when reading the PROTOS SNMP captures. Check for integer overflows in dissect_snmp_pdu and asn1_null_decode. svn path=/trunk/; revision=12609
author: Gerald Combs <gerald@wireshark.org> 2004-11-28 04:21:30 +0000
committer: Gerald Combs <gerald@wireshark.org> 2004-11-28 04:21:30 +0000
commit: a0ad7be1d14c16dfcfb6514cfe60047eb0f6a5fe (patch)
tree: aeec97b3cc7c2fffa44d52915ad3ec658a764c06 /asn1.c
parent: a95e6e04070900e34910b7cbad9facb35733f49b (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/asn1.c b/asn1.c
index ce734b7ef0..8edd59bcb8 100644
--- a/asn1.c
+++ b/asn1.c
@@ -418,7 +418,17 @@ asn1_eoc_decode (ASN1_SCK *asn1, int eoc)
 int
 asn1_null_decode ( ASN1_SCK *asn1, int enc_len)
 {
+    int start_off = asn1->offset;
+
     asn1->offset += enc_len;
+    /*
+     * Check for integer overflows.  
+     * XXX - ASN1_ERR_LENGTH_MISMATCH seemed like the most appropriate
+     *       error from the ones available.  Should we make a new one?
+     */
+    if (asn1->offset < 0 || asn1->offset < start_off)
+        return ASN1_ERR_LENGTH_MISMATCH;
+
     return ASN1_ERR_NOERROR;
 }
author	Gerald Combs <gerald@wireshark.org>	2004-11-28 04:21:30 +0000
committer	Gerald Combs <gerald@wireshark.org>	2004-11-28 04:21:30 +0000
commit	a0ad7be1d14c16dfcfb6514cfe60047eb0f6a5fe (patch)
tree	aeec97b3cc7c2fffa44d52915ad3ec658a764c06 /asn1.c
parent	a95e6e04070900e34910b7cbad9facb35733f49b (diff)