From Harald Welte:

Errors occur which means decrypted_len - esp_iv len will render a negative value and thus cause the problem. This patch prevents the crash. Not sure if this is a proper fix. At least it looks like a sane check to do. svn path=/trunk/; revision=29979
author: Jaap Keuter <jaap.keuter@xs4all.nl> 2009-09-18 06:29:00 +0000
committer: Jaap Keuter <jaap.keuter@xs4all.nl> 2009-09-18 06:29:00 +0000
commit: fe03355556ad92dfe29ad18a0e14cd93c0a095b9 (patch)
tree: a4945df49ec433f0efe6e1aae46dfc21590d15d9 /epan/dissectors/packet-ipsec.c
parent: cf84f1840ac5d1fe92860b9cc8e0f937199043b0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c
index 358d8474ca..0e44af9745 100644
--- a/epan/dissectors/packet-ipsec.c
+++ b/epan/dissectors/packet-ipsec.c
@@ -2453,7 +2453,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 			}
 		    }
 
-		  if(decrypt_ok)
+		  if(decrypt_ok && (decrypted_len > esp_iv_len))
 		    {
 		      tvb_decrypted = tvb_new_child_real_data(tvb,
                                                               g_memdup(decrypted_data+sizeof(guint8)*esp_iv_len,
author	Jaap Keuter <jaap.keuter@xs4all.nl>	2009-09-18 06:29:00 +0000
committer	Jaap Keuter <jaap.keuter@xs4all.nl>	2009-09-18 06:29:00 +0000
commit	fe03355556ad92dfe29ad18a0e14cd93c0a095b9 (patch)
tree	a4945df49ec433f0efe6e1aae46dfc21590d15d9 /epan/dissectors/packet-ipsec.c
parent	cf84f1840ac5d1fe92860b9cc8e0f937199043b0 (diff)