Do the maximum block size check in pcap_read_block().
Do it before we even *try* to read the block, so that it's done in one place rather than having to be done in every routine to handle particular block types. The check was missing in the routine to read sysdig event blocks, so if we got a huge sysdig event block we'd try to allocate a huge amount of memory. Bug: 14403 Change-Id: Iff0fb0387e4499420598361be6d241f2832042d7 Reviewed-on: https://code.wireshark.org/review/25702 Reviewed-by: Guy Harris <guy@alum.mit.edu>
parent
bd41b8e417
commit
f73ae69ba9
|
@ -726,21 +726,6 @@ pcapng_read_if_descr_block(wtap *wth, FILE_T fh, pcapng_block_header_t *bh,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/* Don't try to allocate memory for a huge number of options, as
|
||||
that might fail and, even if it succeeds, it might not leave
|
||||
any address space or memory+backing store for anything else.
|
||||
|
||||
We do that by imposing a maximum block size of MAX_BLOCK_SIZE.
|
||||
We check for this *after* checking the SHB for its byte
|
||||
order magic number, so that non-pcapng files are less
|
||||
likely to be treated as bad pcapng files. */
|
||||
if (bh->block_total_length > MAX_BLOCK_SIZE) {
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
*err_info = g_strdup_printf("pcapng_read_if_descr_block: total block length %u is too large (> %u)",
|
||||
bh->block_total_length, MAX_BLOCK_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* read block content */
|
||||
if (!wtap_read_bytes(fh, &idb, sizeof idb, err, err_info)) {
|
||||
pcapng_debug("pcapng_read_if_descr_block: failed to read IDB");
|
||||
|
@ -1065,21 +1050,6 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta
|
|||
option_handler *handler;
|
||||
#endif
|
||||
|
||||
/* Don't try to allocate memory for a huge number of options, as
|
||||
that might fail and, even if it succeeds, it might not leave
|
||||
any address space or memory+backing store for anything else.
|
||||
|
||||
We do that by imposing a maximum block size of MAX_BLOCK_SIZE.
|
||||
We check for this *after* checking the SHB for its byte
|
||||
order magic number, so that non-pcapng files are less
|
||||
likely to be treated as bad pcapng files. */
|
||||
if (bh->block_total_length > MAX_BLOCK_SIZE) {
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
*err_info = g_strdup_printf("pcapng_read_packet_block: total block length %u is too large (> %u)",
|
||||
bh->block_total_length, MAX_BLOCK_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* "(Enhanced) Packet Block" read fixed part */
|
||||
if (enhanced) {
|
||||
/*
|
||||
|
@ -1432,21 +1402,6 @@ pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/* Don't try to allocate memory for a huge number of options, as
|
||||
that might fail and, even if it succeeds, it might not leave
|
||||
any address space or memory+backing store for anything else.
|
||||
|
||||
We do that by imposing a maximum block size of MAX_BLOCK_SIZE.
|
||||
We check for this *after* checking the SHB for its byte
|
||||
order magic number, so that non-pcapng files are less
|
||||
likely to be treated as bad pcapng files. */
|
||||
if (bh->block_total_length > MAX_BLOCK_SIZE) {
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
*err_info = g_strdup_printf("pcapng_read_simple_packet_block: total block length %u is too large (> %u)",
|
||||
bh->block_total_length, MAX_BLOCK_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* "Simple Packet Block" read fixed part */
|
||||
if (!wtap_read_bytes(fh, &spb, sizeof spb, err, err_info)) {
|
||||
pcapng_debug("pcapng_read_simple_packet_block: failed to read packet data");
|
||||
|
@ -1655,21 +1610,6 @@ pcapng_read_name_resolution_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/* Don't try to allocate memory for a huge number of options, as
|
||||
that might fail and, even if it succeeds, it might not leave
|
||||
any address space or memory+backing store for anything else.
|
||||
|
||||
We do that by imposing a maximum block size of MAX_BLOCK_SIZE.
|
||||
We check for this *after* checking the SHB for its byte
|
||||
order magic number, so that non-pcapng files are less
|
||||
likely to be treated as bad pcapng files. */
|
||||
if (bh->block_total_length > MAX_BLOCK_SIZE) {
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
*err_info = g_strdup_printf("pcapng_read_name_resolution_block: total block length %u is too large (> %u)",
|
||||
bh->block_total_length, MAX_BLOCK_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
to_read = bh->block_total_length - 8 - 4; /* We have read the header and should not read the final block_total_length */
|
||||
|
||||
pcapng_debug("pcapng_read_name_resolution_block, total %d bytes", bh->block_total_length);
|
||||
|
@ -1969,21 +1909,6 @@ pcapng_read_interface_statistics_block(FILE_T fh, pcapng_block_header_t *bh, pca
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/* Don't try to allocate memory for a huge number of options, as
|
||||
that might fail and, even if it succeeds, it might not leave
|
||||
any address space or memory+backing store for anything else.
|
||||
|
||||
We do that by imposing a maximum block size of MAX_BLOCK_SIZE.
|
||||
We check for this *after* checking the SHB for its byte
|
||||
order magic number, so that non-pcapng files are less
|
||||
likely to be treated as bad pcapng files. */
|
||||
if (bh->block_total_length > MAX_BLOCK_SIZE) {
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
*err_info = g_strdup_printf("pcapng_read_interface_statistics_block: total block length %u is too large (> %u)",
|
||||
bh->block_total_length, MAX_BLOCK_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* "Interface Statistics Block" read fixed part */
|
||||
if (!wtap_read_bytes(fh, &isb, sizeof isb, err, err_info)) {
|
||||
pcapng_debug("pcapng_read_interface_statistics_block: failed to read packet data");
|
||||
|
@ -2437,6 +2362,19 @@ pcapng_read_block(wtap *wth, FILE_T fh, pcapng_t *pn, wtapng_block_t *wblock, in
|
|||
*err_info = NULL;
|
||||
return PCAPNG_BLOCK_NOT_SHB;
|
||||
}
|
||||
|
||||
/* Don't try to allocate memory for a huge number of options, as
|
||||
that might fail and, even if it succeeds, it might not leave
|
||||
any address space or memory+backing store for anything else.
|
||||
|
||||
We do that by imposing a maximum block size of MAX_BLOCK_SIZE. */
|
||||
if (bh.block_total_length > MAX_BLOCK_SIZE) {
|
||||
*err = WTAP_ERR_BAD_FILE;
|
||||
*err_info = g_strdup_printf("pcapng_read_block: total block length %u is too large (> %u)",
|
||||
bh.block_total_length, MAX_BLOCK_SIZE);
|
||||
return PCAPNG_BLOCK_ERROR;
|
||||
}
|
||||
|
||||
switch (bh.block_type) {
|
||||
case(BLOCK_TYPE_IDB):
|
||||
if (!pcapng_read_if_descr_block(wth, fh, &bh, pn, wblock, err, err_info))
|
||||
|
|
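Review bot: The centralised guard added in pcapng_read_block() (whose body starts and ends outside the hunk) still carries the comment about "a huge number of options", although it now bounds every block body that the per-type readers go on to read or allocate; I would reword it to something like `/* Reject any block larger than MAX_BLOCK_SIZE before dispatching, so no per-type reader sizes a buffer from an unchecked length. */`. Because the message now names only pcapng_read_block, it no longer tells which kind of block was rejected; adding the type, `"pcapng_read_block: total block length %u of block type 0x%08x is too large (> %u)"` with `bh.block_type` as the extra argument, would keep bad-file reports easy to triage. The new test sits after the `PCAPNG_BLOCK_NOT_SHB` return and the section-header reader is not among the hunks shown, so it is worth confirming that the SHB path keeps its own MAX_BLOCK_SIZE test. Only the upper bound is centralised here: computations such as `to_read = bh->block_total_length - 8 - 4` in pcapng_read_name_resolution_block still rely on minimum-length checks in each reader, which lie outside the visible lines.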