diff options
author | Michael Mann <mmann78@netscape.net> | 2015-11-28 19:08:11 -0500 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2015-11-29 22:01:37 +0000 |
commit | 51ccf92c014f6e1423ce74e62f7ebf8647e316e1 (patch) | |
tree | 30c819c76ce83d41c357d7a9f86093eba142cddf | |
parent | 01433a4b2912b54e4e31c62313836bbfe087da63 (diff) | |
download | wireshark-51ccf92c014f6e1423ce74e62f7ebf8647e316e1.tar.gz |
Add bounds checking to find_signature.
Bug: 11791
Change-Id: Ibaa2c16229c1b78818283ba5f954b09f3894dc60
Reviewed-on: https://code.wireshark.org/review/12270
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(cherry picked from commit 185911de7d337246044c8e99da2f5b4bac74c0d5)
Reviewed-on: https://code.wireshark.org/review/12294
(cherry picked from commit e4267dd4d03b81c74cd6bc9f574f3f10936ee354)
Reviewed-on: https://code.wireshark.org/review/12295
-rw-r--r-- | wiretap/vwr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/wiretap/vwr.c b/wiretap/vwr.c index c1bc5bd8ae..aa881d042c 100644 --- a/wiretap/vwr.c +++ b/wiretap/vwr.c @@ -2050,7 +2050,7 @@ int find_signature(const guint8 *m_ptr, int rec_size, int pay_off, guint32 flow_ /* flow ID and sequence number at the appropriate offsets. */ for (tgt = pay_off; tgt < (rec_size); tgt++) { if (m_ptr[tgt] == 0xdd) { /* found magic byte? check fields */ - if (m_ptr[tgt + 15] == 0xe2) { + if ((tgt + 15 < rec_size) && (m_ptr[tgt + 15] == 0xe2)) { if (m_ptr[tgt + 4] != flow_seq) continue; @@ -2061,7 +2061,7 @@ int find_signature(const guint8 *m_ptr, int rec_size, int pay_off, guint32 flow_ return (tgt); } - else + else if (tgt + SIG_FSQ_OFF < rec_size) { /* out which one... */ if (m_ptr[tgt + SIG_FSQ_OFF] != flow_seq) /* check sequence number */ continue; /* if failed, keep scanning */ |