diff options
author | Guy Harris <guy@alum.mit.edu> | 2020-04-12 14:55:52 -0700 |
---|---|---|
committer | Guy Harris <gharris@sonic.net> | 2020-04-12 22:44:12 +0000 |
commit | ada1a5c770e00d087385e2ec870291d67e190959 (patch) | |
tree | 9e3cc74ed429c428c7a1bca3a9f4547b40bb0988 /wiretap/lanalyzer.c | |
parent | 1070d7b37634e419d239ab878f6759f055746f0d (diff) |
Add record length checks.
Make sure the summary record is large enough; if not, report it as a bad
file.
If it's *too* large, skip the added data.
Clean up the length check for the header records - use sizeof, as we
later use sizeof when subtracting the fixed length portion's length.
Change-Id: I70697804eaa0cbbb1fb074eadf6457d237f26876
Reviewed-on: https://code.wireshark.org/review/36814
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Diffstat (limited to 'wiretap/lanalyzer.c')
-rw-r--r-- | wiretap/lanalyzer.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c index 6654a1bf23..7282f503d5 100644 --- a/wiretap/lanalyzer.c +++ b/wiretap/lanalyzer.c @@ -294,7 +294,7 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info) } /* Read the major and minor version numbers */ - if (record_length < 2) { + if (record_length < sizeof header_fixed) { /* * Not enough room for the major and minor version numbers. * Just treat that as a "not a LANalyzer file" indication. @@ -355,6 +355,12 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info) switch (record_type) { /* Trace Summary Record */ case RT_Summary: + if (record_length < sizeof summary) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup_printf("lanalyzer: summary record length %u is too short", + record_length); + return WTAP_OPEN_ERROR; + } if (!wtap_read_bytes(wth->fh, summary, sizeof summary, err, err_info)) return WTAP_OPEN_ERROR; @@ -406,8 +412,15 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info) *err_info = g_strdup_printf("lanalyzer: file has more than one summary record"); return WTAP_OPEN_ERROR; } - found_summary = TRUE; + + /* Skip the rest of the record */ + record_length -= sizeof summary; + if (record_length != 0) { + if (!wtap_read_bytes(wth->fh, NULL, record_length, err, err_info)) { + return WTAP_OPEN_ERROR; + } + } break; /* Trace Packet Data Record */ |