Add missing checks for a too-large packet, so we don't blow up trying to
allocate a huge buffer. svn path=/trunk/; revision=40170
This commit is contained in:
parent
dd92029afa
commit
c3da1f23d3
|
@ -500,10 +500,23 @@ static gboolean airopeekv9_read(wtap *wth, int *err, gchar **err_info,
|
|||
return FALSE;
|
||||
wth->data_offset += hdrlen;
|
||||
|
||||
/* force sliceLength to be the actual length of the packet */
|
||||
/*
|
||||
* If sliceLength is 0, force it to be the actual length of the packet.
|
||||
*/
|
||||
if (hdr_info.sliceLength == 0)
|
||||
hdr_info.sliceLength = hdr_info.length;
|
||||
|
||||
if (hdr_info.sliceLength > WTAP_MAX_PACKET_SIZE) {
|
||||
/*
|
||||
* Probably a corrupt capture file; don't blow up trying
|
||||
* to allocate space for an immensely-large packet.
|
||||
*/
|
||||
*err = WTAP_ERR_BAD_RECORD;
|
||||
*err_info = g_strdup_printf("airopeek9: File has %u-byte packet, bigger than maximum of %u",
|
||||
hdr_info.sliceLength, WTAP_MAX_PACKET_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* fill in packet header length values before slicelength may be
|
||||
adjusted */
|
||||
wth->phdr.len = hdr_info.length;
|
||||
|
|
|
@ -318,6 +318,17 @@ static gboolean nettl_read(wtap *wth, int *err, gchar **err_info,
|
|||
}
|
||||
wth->data_offset += ret;
|
||||
|
||||
if (wth->phdr.caplen > WTAP_MAX_PACKET_SIZE) {
|
||||
/*
|
||||
* Probably a corrupt capture file; don't blow up trying
|
||||
* to allocate space for an immensely-large packet.
|
||||
*/
|
||||
*err = WTAP_ERR_BAD_RECORD;
|
||||
*err_info = g_strdup_printf("nettl: File has %u-byte packet, bigger than maximum of %u",
|
||||
wth->phdr.caplen, WTAP_MAX_PACKET_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* If the per-file encapsulation isn't known, set it to this
|
||||
* packet's encapsulation.
|
||||
|
|
|
@ -106,6 +106,16 @@ packetlogger_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
|
|||
*err_info = g_strdup_printf("packetlogger: record length %u is too small", pl_hdr.len);
|
||||
return FALSE;
|
||||
}
|
||||
if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE) {
|
||||
/*
|
||||
* Probably a corrupt capture file; don't blow up trying
|
||||
* to allocate space for an immensely-large packet.
|
||||
*/
|
||||
*err = WTAP_ERR_BAD_RECORD;
|
||||
*err_info = g_strdup_printf("packetlogger: File has %u-byte packet, bigger than maximum of %u",
|
||||
pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
buffer_assure_space(wth->frame_buffer, pl_hdr.len - 8);
|
||||
bytes_read = file_read(buffer_start_ptr(wth->frame_buffer),
|
||||
|
|
Loading…
Reference in New Issue