Sanity check iSeries packet length to prevent heap-based buffer overflow.

Bug: 11798 Change-Id: I7aebe709ef4014a385819835ef6effabbb4f0ca4 Reviewed-on: https://code.wireshark.org/review/12238 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-27 20:37:36 -05:00 · 2015-11-27 20:37:36 -05:00 · 38c53f9800
parent 44d98dafd4
commit 38c53f9800
1 changed files with 1 additions and 1 deletions
--- a/wiretap/iseries.c
+++ b/wiretap/iseries.c
@ -588,7 +588,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr,
                "%12s%*[ \n\t]%12s%*[ \n\t]ETHV2%*[ \n\t]TYPE:%*[ \n\t]%4s",
                &pktnum, direction, &pkt_len, &hr, &min, &sec, csec, destmac,
                srcmac, type);
-      if (num_items_scanned == 10)
+      if ((num_items_scanned == 10) && (pkt_len >= 0))
        {
          /* OK! We found the packet header line */
          isValid = TRUE;