forked from osmocom/wireshark
Make sure frag_size doesn't underflow, which would make us to try to
allocate a huge amount of memory. Fixed bug 63. svn path=/trunk/; revision=14115
This commit is contained in:
parent
e39e982856
commit
6dabb04f4e
|
@ -1134,12 +1134,19 @@ dissect_fc (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
is_exchg_resp = ((tvb_get_guint8 (tvb, offset+20) & 0x80) == 0x80);
|
||||
}
|
||||
|
||||
if (tvb_reported_length (tvb) <= FC_HEADER_SIZE)
|
||||
THROW(ReportedBoundsError);
|
||||
|
||||
frag_size = tvb_reported_length (tvb)-FC_HEADER_SIZE;
|
||||
|
||||
/* If there is an MDS header, we need to subtract the MDS trailer size */
|
||||
if ((pinfo->ethertype == ETHERTYPE_UNK) || (pinfo->ethertype == ETHERTYPE_FCFT)) {
|
||||
if (frag_size <= MDSHDR_TRAILER_SIZE)
|
||||
THROW(ReportedBoundsError);
|
||||
frag_size -= MDSHDR_TRAILER_SIZE;
|
||||
} else if (pinfo->ethertype == ETHERTYPE_BRDWALK) {
|
||||
if (frag_size <= 8)
|
||||
THROW(ReportedBoundsError);
|
||||
frag_size -= 8; /* 4 byte of FC CRC +
|
||||
4 bytes of error+EOF = 8 bytes */
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue