forked from osmocom/wireshark
tnef: fix overflow leading to infinite loop
Thanks to Vlad Tsyrklevich for the report, and Fabian Yamaguchi for the "joern" tool which found the bug. Bug: 11023 Change-Id: I53bc998c9934736698e7db5eba09a14e79a7c633 Reviewed-on: https://code.wireshark.org/review/7461 Petri-Dish: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Evan Huus <eapache@gmail.com>
This commit is contained in:
parent
724c2ed4c8
commit
608cf324b3
|
@ -604,7 +604,10 @@ static void dissect_tnef(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
}
|
||||
}
|
||||
|
||||
offset += length;
|
||||
/* check for overflow */
|
||||
if (offset + length > (guint32)offset) {
|
||||
offset += length;
|
||||
}
|
||||
|
||||
proto_tree_add_item(attr_tree, hf_tnef_attribute_checksum, tvb, offset, 2, ENC_LITTLE_ENDIAN);
|
||||
offset += 2;
|
||||
|
|
Loading…
Reference in New Issue