diff options
author | Gerald Combs <gerald@wireshark.org> | 2002-06-06 22:42:27 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2002-06-06 22:42:27 +0000 |
commit | 563a25c153bb7151aec036446dbfa8f119445c85 (patch) | |
tree | 69677b57a97a0dc760628c31a2f202f424b4596d /packet-wcp.c | |
parent | 358df4f2f41cafabde1d00b3b36ff2068c083a48 (diff) |
Keep an invalid packet length from overflowing a data buffer.
svn path=/trunk/; revision=5638
Diffstat (limited to 'packet-wcp.c')
-rw-r--r-- | packet-wcp.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/packet-wcp.c b/packet-wcp.c index 650e836d55..5beeb1d1b5 100644 --- a/packet-wcp.c +++ b/packet-wcp.c @@ -2,7 +2,7 @@ * Routines for Wellfleet Compression frame disassembly * Copyright 2001, Jeffrey C. Foster <jfoste@woodward.com> * - * $Id: packet-wcp.c,v 1.24 2002/06/04 07:03:47 guy Exp $ + * $Id: packet-wcp.c,v 1.25 2002/06/06 22:42:27 gerald Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -498,6 +498,14 @@ static tvbuff_t *wcp_uncompress( tvbuff_t *src_tvb, int offset, packet_info *pin buf_end = buf_start + MAX_WIN_BUF_LEN; tmp = buf_ptr->buf_cur; + if (cnt - offset > MAX_WCP_BUF_LEN) { + if (tree) + proto_tree_add_text( tree, src_tvb, offset, -1, + "Compressed data exceeds maximum buffer length (%d > %d)", + cnt - offset, MAX_WCP_BUF_LEN); + return NULL; + } + src = tvb_memcpy(src_tvb, src_buf, offset, cnt - offset); dst = buf_ptr->buf_cur; |