authorgerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>2011-05-11 22:36:59 +0000
committergerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>2011-05-11 22:36:59 +0000
commit789d289d97b00159956571aac582ca1e89725b59 (patch)
treeda4ac9611b40256bc04dc2c0879d31acf5af48a2
parent825ab6f7347d7e52df4ae9380ce793f8f0783af8 (diff)
Check our original record length. Fixes a crash bug found by Huzaifa
Sidhpurwala of the Red Hat Security Response Team. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37068 f5534014-38df-0310-8fa8-9805f1628bb7
-rw-r--r--wiretap/snoop.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/wiretap/snoop.c b/wiretap/snoop.c
index 89cc8a5f8a..552cdbe37e 100644
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@@ -473,6 +473,16 @@ static gboolean snoop_read(wtap *wth, int *err, gchar **err_info,
rec_size = g_ntohl(hdr.rec_len);
orig_size = g_ntohl(hdr.orig_len);
packet_size = g_ntohl(hdr.incl_len);
+ if (orig_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("snoop: File has %u-byte original length, bigger than maximum of %u",
+ orig_size, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
+ }
if (packet_size > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; don't blow up trying
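Review bot: `rec_size`, taken from `hdr.rec_len` on the first line of this hunk, comes from the same untrusted record header as `orig_size` and `packet_size` but is the only one of the three with no bound in the visible lines. If code further down derives a padding or skip count from it, a record whose `rec_len` is smaller than the header plus `incl_len` would wrap the unsigned subtraction. A guard such as `if (rec_size < sizeof hdr + packet_size)` that sets `*err = WTAP_ERR_BAD_RECORD` and returns FALSE would reject such a record before any read or seek is sized from it. snoop_read starts and continues outside this hunk, so this may already be handled below; worth confirming.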