Accept file snaplen larger than WTAP_MAX_PACKET_SIZE,

text2pcap uses 102400.
This fixes bug 3620. Thanks to Tyson Key for reporting the bug
and providing capture files.
This fix should be included in Wireshark 1.2.1 and higher.

svn path=/trunk/; revision=28866

1 files changed, 6 insertions, 6 deletions

diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c
index 0cd6a127be..88d9ada5f5 100644
--- a/wiretap/pcapng.c
+++ b/wiretap/pcapng.c
@@ -527,14 +527,14 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn,
 		      wtap_encap_string(wtap_pcap_encap_to_wtap_encap(wblock->data.if_descr.link_type)),
 		      wblock->data.if_descr.snap_len);
 
-	/* XXX - sanity check of snapshot length */
-	/* XXX - while a very big snapshot length is valid, it's more likely that it's a bug in the file */
-	/* XXX - so do a sanity check for now, it's likely e.g. a byte swap order problem */
 	if (wblock->data.if_descr.snap_len > WTAP_MAX_PACKET_SIZE) {
-		pcapng_debug1("pcapng_read_if_descr_block: snapshot length %u unrealistic", 
+		/* This is unrealisitic, but text2pcap currently uses 102400.
+		 * We do not use this value, maybe we should check the
+		 * snap_len of the packets against it. For now, only warn.
+		 */
+		pcapng_debug1("pcapng_read_if_descr_block: snapshot length %u unrealistic.",
 			      wblock->data.if_descr.snap_len);
-		/*wblock->data.if_descr.snap_len = 65535;*/
-		return 0;
+		/*wblock->data.if_descr.snap_len = WTAP_MAX_PACKET_SIZE;*/
 	}
 
 	/* Option defaults */