osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

tnef: fix overflow leading to infinite loop 

Thanks to Vlad Tsyrklevich for the report, and Fabian Yamaguchi for the "joern"
tool which found the bug.

Bug: 11023
Change-Id: I53bc998c9934736698e7db5eba09a14e79a7c633
Reviewed-on: https://code.wireshark.org/review/7461
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
This commit is contained in:
Evan Huus 2015-03-01 18:33:10 -05:00
parent 724c2ed4c8
commit 608cf324b3
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
epan/dissectors/packet-tnef.c
View File

@ -604,7 +604,10 @@ static void dissect_tnef(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
}
}
offset += length;
/* check for overflow */
if (offset + length > (guint32)offset) {
offset += length;
}
proto_tree_add_item(attr_tree, hf_tnef_attribute_checksum, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;