diff options
author | Dario Lombardo <lomato@gmail.com> | 2015-08-27 18:01:27 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2015-08-30 09:46:22 +0000 |
commit | e0a87d8cd1c738a012295f8cbf107de7fe131a75 (patch) | |
tree | 22088a4872d5839a2268d252a1bfbca0f386fb78 /wiretap | |
parent | 6c065783c5698e699067ad2b50fd884ee8408ace (diff) |
stanag4607: add check for wtap max size.
Bug: 11472
Change-Id: Ic269046e697ac5e65301caf4ea5586098d030458
Reviewed-on: https://code.wireshark.org/review/10279
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/stanag4607.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/wiretap/stanag4607.c b/wiretap/stanag4607.c index 1845cc0ab5..9aa3105ba3 100644 --- a/wiretap/stanag4607.c +++ b/wiretap/stanag4607.c @@ -73,6 +73,16 @@ static gboolean stanag4607_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *p /* The next 4 bytes are the packet length */ packet_size = pntoh32(&stanag_pkt_hdr[2]); + if (packet_size > WTAP_MAX_PACKET_SIZE) { + /* + * Probably a corrupt capture file; don't blow up trying + * to allocate space for an immensely-large packet. + */ + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup_printf("stanag4607: File has %" G_GUINT32_FORMAT "d-byte packet, " + "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE); + return FALSE; + } phdr->caplen = packet_size; phdr->len = packet_size; |