1 files changed, 9 insertions, 4 deletions

diff --git a/wiretap/erf.c b/wiretap/erf.c
index 7eebe0a44a..5ac2ae76fe 100644
--- a/wiretap/erf.c
+++ b/wiretap/erf.c
@@ -153,8 +153,7 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info)
     if (packet_size > WTAP_MAX_PACKET_SIZE) {
       /*
        * Probably a corrupt capture file or a file that's not an ERF file
-       * but that passed earlier tests; don't blow up trying
-       * to allocate space for an immensely-large packet.
+       * but that passed earlier tests.
        */
       return 0;
     }
@@ -239,8 +238,8 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info)
        is reached whereas the record is truncated */
     if (packet_size > WTAP_MAX_PACKET_SIZE) {
       /*
-       * Probably a corrupt capture file; don't blow up trying
-       * to allocate space for an immensely-large packet.
+       * Probably a corrupt capture file or a file that's not an ERF file
+       * but that passed earlier tests.
        */
       return 0;
     }
@@ -592,6 +591,12 @@ static gboolean erf_dump(
   gboolean must_add_crc = FALSE;
   guint32  crc32        = 0x00000000;
 
+  /* Don't write anything bigger than we're willing to read. */
+  if(phdr->caplen > WTAP_MAX_PACKET_SIZE) {
+    *err = WTAP_ERR_PACKET_TOO_LARGE;
+    return FALSE;
+  }
+
   if(wdh->encap == WTAP_ENCAP_PER_PACKET){
     encap = phdr->pkt_encap;
   }else{