forked from osmocom/wireshark
Reject pcap files that claim on-the-wire packet sizes > 64MB. This fixes many heuristic cases broken in r49999 when we permitted packets > 64KB, since that relaxed so severely the definition of a valid packet header. 64MB is an arbitrary and perhaps suboptimal number, but it seems to do the right thing in all the examples I have handy.

Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634

svn path=/trunk/; revision=54812
parent
61867d0b2f
commit
dae86605b6
|
@ -764,6 +764,24 @@ static int libpcap_read_header(wtap *wth, FILE_T fh, int *err, gchar **err_info,
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (hdr->hdr.orig_len > 64*1024*1024) {
|
||||
/*
|
||||
* In theory I guess the on-the-wire packet size can be
|
||||
* arbitrarily large, and it can certainly be larger than the
|
||||
* 64KB which bounds the snapshot size, but any file claiming
|
||||
* 64MB in a single packet is *probably* corrupt, and makes the
|
||||
* heuristics much more reliable. See, for example,
|
||||
* https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634
|
||||
* (64MB is an arbitrary size at this point)
|
||||
*/
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
if (err_info != NULL) {
|
||||
*err_info = g_strdup_printf("pcap: File claims packet was %u bytes on the wire",
|
||||
hdr->hdr.orig_len);
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Disabling because this is not a fatal error, and packets that have
|
||||
* one such packet probably have thousands. For discussion, see
|
||||
* https://www.wireshark.org/lists/wireshark-dev/201307/msg00076.html
|
||||
|
|
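Review bot: The bound in `if (hdr->hdr.orig_len > 64*1024*1024)` is a bare literal that the comment itself calls arbitrary, so it should be a named constant defined once near the top of the file, where it can be tuned without hunting for the expression. The `err_info` string reports the claimed size but not the limit it exceeded; adding the limit to the message would tell a user with a legitimately large on-the-wire length why the file was refused with `WTAP_ERR_BAD_FILE`. The comment also says "any file claiming 64MB in a single packet" while the test is strictly greater-than, so a claimed size of exactly 64MB is still accepted; the wording and the comparison should agree.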