Make sure frag_size doesn't underflow, which would make us try to

allocate a huge amount of memory.  Fixed bug 63.

svn path=/trunk/; revision=14115
Gerald Combs 2005-04-17 20:44:58 +00:00
parent e39e982856
commit 6dabb04f4e
1 changed files with 7 additions and 0 deletions


@ -1134,12 +1134,19 @@ dissect_fc (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
is_exchg_resp = ((tvb_get_guint8 (tvb, offset+20) & 0x80) == 0x80);
}
if (tvb_reported_length (tvb) <= FC_HEADER_SIZE)
THROW(ReportedBoundsError);
frag_size = tvb_reported_length (tvb)-FC_HEADER_SIZE;
/* If there is an MDS header, we need to subtract the MDS trailer size */
if ((pinfo->ethertype == ETHERTYPE_UNK) || (pinfo->ethertype == ETHERTYPE_FCFT)) {
if (frag_size <= MDSHDR_TRAILER_SIZE)
THROW(ReportedBoundsError);
frag_size -= MDSHDR_TRAILER_SIZE;
} else if (pinfo->ethertype == ETHERTYPE_BRDWALK) {
if (frag_size <= 8)
THROW(ReportedBoundsError);
frag_size -= 8; /* 4 byte of FC CRC +
4 bytes of error+EOF = 8 bytes */
}
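Review bot: All three added guards (the `FC_HEADER_SIZE` check, the `MDSHDR_TRAILER_SIZE` check and the `8` check) compare with `<=`, so a frame whose remaining length exactly equals the amount subtracted is rejected with `ReportedBoundsError`, although that subtraction yields 0 and cannot wrap. If frames with no payload after the header or trailer can legitimately appear, `<` is enough to stop the underflow, e.g. `if (frag_size < MDSHDR_TRAILER_SIZE)`; if rejecting a zero `frag_size` is intended, a short comment such as `/* reject empty payloads too, not only underflow */` would record that. The literal `8` now appears twice in the BRDWALK branch and would be easier to keep in sync as a named constant alongside `MDSHDR_TRAILER_SIZE`. The declaration of `frag_size` and the rest of `dissect_fc` lie outside the hunk, so its signedness and the later allocation could not be checked here.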