diff options
author | Jaap Keuter <jaap.keuter@xs4all.nl> | 2009-09-18 06:29:00 +0000 |
---|---|---|
committer | Jaap Keuter <jaap.keuter@xs4all.nl> | 2009-09-18 06:29:00 +0000 |
commit | fe03355556ad92dfe29ad18a0e14cd93c0a095b9 (patch) | |
tree | a4945df49ec433f0efe6e1aae46dfc21590d15d9 /epan/dissectors/packet-ipsec.c | |
parent | cf84f1840ac5d1fe92860b9cc8e0f937199043b0 (diff) |
From Harald Welte:
Errors occur which means decrypted_len - esp_iv len will render a negative value and thus
cause the problem. This patch prevents the crash. Not sure if this is a proper fix. At least it
looks like a sane check to do.
svn path=/trunk/; revision=29979
Diffstat (limited to 'epan/dissectors/packet-ipsec.c')
-rw-r--r-- | epan/dissectors/packet-ipsec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c index 358d8474ca..0e44af9745 100644 --- a/epan/dissectors/packet-ipsec.c +++ b/epan/dissectors/packet-ipsec.c @@ -2453,7 +2453,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } } - if(decrypt_ok) + if(decrypt_ok && (decrypted_len > esp_iv_len)) { tvb_decrypted = tvb_new_child_real_data(tvb, g_memdup(decrypted_data+sizeof(guint8)*esp_iv_len, |