forked from osmocom/wireshark
We can't check the length of an SHB until we determine the byte order.
Don't check a possibly-byte-swapped length against the minimum SHB size; it'll probably look huge if it's byte-swapped, so the test won't fail even if it is too small, and a really huge SHB's length could look too small if it's byte-swapped. Do the check *after* we've read the fixed-length portion of the block; yes, that means we've read past the purported size of the block at that point, but if that read succeeds, that doesn't matter, and if that read fails, it just means we'll report "file cut short" rather than "bad SHB length", *both* of which are problems with the file. Change-Id: Ie3b5700662f2a6da40d373a84f00a8fc2cf0ce1b Reviewed-on: https://code.wireshark.org/review/4692 Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
parent
44204614e8
commit
0ac9449442
|
@ -503,22 +503,7 @@ pcapng_read_section_header_block(FILE_T fh, gboolean first_block,
|
|||
pcapng_option_header_t oh;
|
||||
char *option_content = NULL; /* Allocate as large as the options block */
|
||||
|
||||
/*
|
||||
* Is this block long enough to be an SHB?
|
||||
*/
|
||||
if (bh->block_total_length < MIN_SHB_SIZE) {
|
||||
/*
|
||||
* No.
|
||||
*/
|
||||
if (first_block)
|
||||
return -2; /* probably not a pcap-ng file */
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
*err_info = g_strdup_printf("pcapng_read_section_header_block: total block length %u of an SHB is less than the minimum SHB size %u",
|
||||
bh->block_total_length, MIN_SHB_SIZE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* read block content */
|
||||
/* read fixed-length part of the block */
|
||||
if (!wtap_read_bytes(fh, &shb, sizeof shb, err, err_info)) {
|
||||
if (*err == WTAP_ERR_SHORT_READ) {
|
||||
if (first_block) {
|
||||
|
@ -571,6 +556,21 @@ pcapng_read_section_header_block(FILE_T fh, gboolean first_block,
|
|||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Is this block long enough to be an SHB?
|
||||
*/
|
||||
if (bh->block_total_length < MIN_SHB_SIZE) {
|
||||
/*
|
||||
* No.
|
||||
*/
|
||||
if (first_block)
|
||||
return -2; /* probably not a pcap-ng file */
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
*err_info = g_strdup_printf("pcapng_read_section_header_block: total block length %u of an SHB is less than the minimum SHB size %u",
|
||||
bh->block_total_length, MIN_SHB_SIZE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* OK, at this point we assume it's a pcap-ng file.
|
||||
|
||||
Don't try to allocate memory for a huge number of options, as
|
||||
|
|
Loading…
Reference in New Issue