SCTP: assure size before attempting checksum calculation

When checksum calculations are performed (irrespective of type) the calculation is assumed to be possible on at least a common header and optionally a payload. This assumption was not checked, which could lead to out of bound access of packet buffer data. Simply adding the assurance that enough buffer data is available avoids this out of bound access. CID 1439698 Change-Id: I5fec69b96b1064ffdda11f51b882fe5775844475 Reviewed-on: https://code.wireshark.org/review/33185 Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-05-13 20:29:18 +02:00 · 2019-05-13 20:29:18 +02:00 · 1573d4ddb2
parent 80920b0855
commit 1573d4ddb2
1 changed files with 2 additions and 1 deletions
--- a/epan/dissectors/packet-sctp.c
+++ b/epan/dissectors/packet-sctp.c
@ -4647,7 +4647,8 @@ dissect_sctp_packet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolea
  sctp_info.checksum_zero = (checksum == 0);

  /* Only try to checksum the packet if we have all of it */
-  if (captured_length == reported_length) {
+  if ((captured_length == reported_length) &&
+     (captured_length >= COMMON_HEADER_LENGTH)) {

    switch(sctp_checksum) {
    case SCTP_CHECKSUM_NONE: