diff options
author | Michael Mann <mmann78@netscape.net> | 2015-11-28 19:08:11 -0500 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2015-11-29 22:00:46 +0000 |
commit | 185911de7d337246044c8e99da2f5b4bac74c0d5 (patch) | |
tree | 01f1cce8601efb362e69ffd30a36a79e3326c280 /wiretap/vwr.c | |
parent | e639a13d11bcdb604482d924ebecb1c5bce97d50 (diff) |
Add bounds checking to find_signature.
Bug: 11791
Change-Id: Ibaa2c16229c1b78818283ba5f954b09f3894dc60
Reviewed-on: https://code.wireshark.org/review/12270
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'wiretap/vwr.c')
-rw-r--r-- | wiretap/vwr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/wiretap/vwr.c b/wiretap/vwr.c index 179a0f64f9..846f0d5963 100644 --- a/wiretap/vwr.c +++ b/wiretap/vwr.c @@ -2211,7 +2211,7 @@ int find_signature(const guint8 *m_ptr, int rec_size, int pay_off, guint32 flow_ /* flow ID and sequence number at the appropriate offsets. */ for (tgt = pay_off; tgt < (rec_size); tgt++) { if (m_ptr[tgt] == 0xdd) { /* found magic byte? check fields */ - if (m_ptr[tgt + 15] == 0xe2) { + if ((tgt + 15 < rec_size) && (m_ptr[tgt + 15] == 0xe2)) { if (m_ptr[tgt + 4] != flow_seq) continue; @@ -2222,7 +2222,7 @@ int find_signature(const guint8 *m_ptr, int rec_size, int pay_off, guint32 flow_ return (tgt); } - else + else if (tgt + SIG_FSQ_OFF < rec_size) { /* out which one... */ if (m_ptr[tgt + SIG_FSQ_OFF] != flow_seq) /* check sequence number */ continue; /* if failed, keep scanning */ |