diff options
author | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-05-11 22:36:59 +0000 |
---|---|---|
committer | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-05-11 22:36:59 +0000 |
commit | 789d289d97b00159956571aac582ca1e89725b59 (patch) | |
tree | da4ac9611b40256bc04dc2c0879d31acf5af48a2 | |
parent | 825ab6f7347d7e52df4ae9380ce793f8f0783af8 (diff) |
Check our original record length. Fixes a crash bug found by Huzaifa
Sidhpurwala of the Red Hat Security Response Team.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37068 f5534014-38df-0310-8fa8-9805f1628bb7
-rw-r--r-- | wiretap/snoop.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/wiretap/snoop.c b/wiretap/snoop.c index 89cc8a5f8a..552cdbe37e 100644 --- a/wiretap/snoop.c +++ b/wiretap/snoop.c @@ -473,6 +473,16 @@ static gboolean snoop_read(wtap *wth, int *err, gchar **err_info, rec_size = g_ntohl(hdr.rec_len); orig_size = g_ntohl(hdr.orig_len); packet_size = g_ntohl(hdr.incl_len); + if (orig_size > WTAP_MAX_PACKET_SIZE) { + /* + * Probably a corrupt capture file; don't blow up trying + * to allocate space for an immensely-large packet. + */ + *err = WTAP_ERR_BAD_RECORD; + *err_info = g_strdup_printf("snoop: File has %u-byte original length, bigger than maximum of %u", + orig_size, WTAP_MAX_PACKET_SIZE); + return FALSE; + } if (packet_size > WTAP_MAX_PACKET_SIZE) { /* * Probably a corrupt capture file; don't blow up trying |