From 44f72a90eaffc8a0322b377c4a66c11bf63340dc Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Fri, 29 Apr 2016 18:59:44 -0700
Subject: Check for packets bigger than WTAP_MAX_PACKET_SIZE.

Change-Id: If7cd6ae60b805121c3f54dcaa48d730b6cd9b648
Reviewed-on: https://code.wireshark.org/review/15183
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
 wiretap/aethra.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'wiretap/aethra.c')

diff --git a/wiretap/aethra.c b/wiretap/aethra.c
index a187593a0b..ac4ed1d6be 100644
--- a/wiretap/aethra.c
+++ b/wiretap/aethra.c
@@ -310,6 +310,17 @@ aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr,
 		    (unsigned int)(sizeof *hdr - sizeof hdr->rec_size));
 		return FALSE;
 	}
+	if (rec_size > WTAP_MAX_PACKET_SIZE) {
+		/*
+		 * Probably a corrupt capture file; return an error,
+		 * so that our caller doesn't blow up trying to allocate
+		 * space for an immensely-large packet.
+		 */
+		*err = WTAP_ERR_BAD_FILE;
+		*err_info = g_strdup_printf("aethra: File has %u-byte packet, bigger than maximum of %u",
+		    rec_size, WTAP_MAX_PACKET_SIZE);
+		return FALSE;
+	}
 
 	packet_size = rec_size - (guint32)(sizeof *hdr - sizeof hdr->rec_size);
 
-- 
cgit v1.2.3