IP: ensure that fragment contains payload before adding it for reassembly

Solves a UBSan runtime error null pointer passed as argument 1, which is declared to never be null. It can be reproduced with the pcap from bug 13603 Change-Id: I0d6fdddcccc892b3141855d59be372887afcaca5 Reviewed-on: https://code.wireshark.org/review/22272 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-20 21:00:59 +02:00 · 2017-06-20 21:00:59 +02:00 · e6883c15ac
parent 3b7440996b
commit e6883c15ac
1 changed files with 1 additions and 0 deletions
--- a/epan/dissectors/packet-ip.c
+++ b/epan/dissectors/packet-ip.c
@ -2248,6 +2248,7 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void*
   */
  save_fragmented = pinfo->fragmented;
  if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
+      iph->ip_len > hlen &&
      tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) &&
      ipsum == 0) {
    ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset,