From 38c53f9800dc49fca3dad9d9cc9cfb0eea8f52b5 Mon Sep 17 00:00:00 2001
From: Michael Mann <mmann78@netscape.net>
Date: Fri, 27 Nov 2015 20:37:36 -0500
Subject: [PATCH] Sanity check iSeries packet length to prevent heap-based
 buffer overflow.

Bug: 11798
Change-Id: I7aebe709ef4014a385819835ef6effabbb4f0ca4
Reviewed-on: https://code.wireshark.org/review/12238
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 wiretap/iseries.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wiretap/iseries.c b/wiretap/iseries.c
index 1b7f812e80..4fb1bab118 100644
--- a/wiretap/iseries.c
+++ b/wiretap/iseries.c
@@ -588,7 +588,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr,
                 "%12s%*[ \n\t]%12s%*[ \n\t]ETHV2%*[ \n\t]TYPE:%*[ \n\t]%4s",
                 &pktnum, direction, &pkt_len, &hr, &min, &sec, csec, destmac,
                 srcmac, type);
-      if (num_items_scanned == 10)
+      if ((num_items_scanned == 10) && (pkt_len >= 0))
         {
           /* OK! We found the packet header line */
           isValid = TRUE;