author | Balint Reczey <balint.reczey@ericsson.com> | 2012-07-18 15:14:45 +0000 |
---|---|---|
committer | Balint Reczey <balint.reczey@ericsson.com> | 2012-07-18 15:14:45 +0000 |
commit | 1f37a8cf14ca63e7980694fc7807cb5a7d91dc97 (patch) | |
tree | a088f176803eeec1db2507d21f4479f7406f8aa7 /epan | |
parent | 2350d1aecf163320e73c5caf8f224bfd08e7eb15 (diff) |
Fix crash in PPP dissector
Make sure that there is enough space allocated for PPP encapsulated CRTP
packet's header.
The bug can be triggered on an x86_64 system using the capture file attached to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680056
svn path=/trunk/; revision=43784
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-ppp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ppp.c b/epan/dissectors/packet-ppp.c index 978c9fb5d1..fa295bd8a9 100644 --- a/epan/dissectors/packet-ppp.c +++ b/epan/dissectors/packet-ppp.c @@ -4542,6 +4542,11 @@ dissect_iphc_crtp_fh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* allocate a copy of the IP packet */ ip_packet = tvb_memdup(tvb, 0, length); + /* + * make sure that we will be able to write the write the length information + * to the copy at least + */ + tvb_ensure_bytes_exist (tvb, ip_hdr_len, 5); /* restore the proper values to the IP and UDP length fields */ ip_packet[2] = length >> 8; |
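Review bot: The new `tvb_ensure_bytes_exist (tvb, ip_hdr_len, 5);` call sits after `ip_packet = tvb_memdup(tvb, 0, length);`, so when it throws on a short packet the copy has already been allocated; if that copy is heap memory freed later in this function, the exception path leaks it, and moving the check above the `tvb_memdup` call avoids that. The check is also made against `tvb`, while the writes that follow go into `ip_packet`, whose size is `length`: comparing `length` against `ip_hdr_len` plus the required byte count would bound the buffer that is actually written, or a comment should state why the two are equivalent here. The constant 5 is unexplained; a write to index `ip_hdr_len + n` needs `n + 1` bytes present, so it is worth deriving the count from the highest offset written below and giving it a name. The added comment repeats "write the" and can be trimmed.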