Fix crash in PPP dissector

Make sure that there is enough space allocated for PPP encapsulated CRTP packet's header. The bug can be triggered on an x86_64 system using the cpature file attached to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680056 svn path=/trunk/; revision=43784
author: Balint Reczey <balint.reczey@ericsson.com> 2012-07-18 15:14:45 +0000
committer: Balint Reczey <balint.reczey@ericsson.com> 2012-07-18 15:14:45 +0000
commit: 1f37a8cf14ca63e7980694fc7807cb5a7d91dc97 (patch)
tree: a088f176803eeec1db2507d21f4479f7406f8aa7
parent: 2350d1aecf163320e73c5caf8f224bfd08e7eb15 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ppp.c b/epan/dissectors/packet-ppp.c
index 978c9fb5d1..fa295bd8a9 100644
--- a/epan/dissectors/packet-ppp.c
+++ b/epan/dissectors/packet-ppp.c
@@ -4542,6 +4542,11 @@ dissect_iphc_crtp_fh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
     /* allocate a copy of the IP packet */
     ip_packet = tvb_memdup(tvb, 0, length);
+    /*
+     * make sure that we will be able to write the write the length information
+     * to the copy at least
+     */
+    tvb_ensure_bytes_exist (tvb, ip_hdr_len, 5);
 
     /* restore the proper values to the IP and UDP length fields */
     ip_packet[2] = length >> 8;
author	Balint Reczey <balint.reczey@ericsson.com>	2012-07-18 15:14:45 +0000
committer	Balint Reczey <balint.reczey@ericsson.com>	2012-07-18 15:14:45 +0000
commit	1f37a8cf14ca63e7980694fc7807cb5a7d91dc97 (patch)
tree	a088f176803eeec1db2507d21f4479f7406f8aa7
parent	2350d1aecf163320e73c5caf8f224bfd08e7eb15 (diff)