summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Mann <mmann78@netscape.net>2015-11-28 19:08:11 -0500
committerMichael Mann <mmann78@netscape.net>2015-11-29 22:01:10 +0000
commite4267dd4d03b81c74cd6bc9f574f3f10936ee354 (patch)
treee91b62d711431e08d7b3f5294e66aba1ca3d53d2
parentbb206e8c6cc5a6d82e033d3e01e4e2202f5246bf (diff)
downloadwireshark-e4267dd4d03b81c74cd6bc9f574f3f10936ee354.tar.gz
Add bounds checking to find_signature.
Bug: 11791 Change-Id: Ibaa2c16229c1b78818283ba5f954b09f3894dc60 Reviewed-on: https://code.wireshark.org/review/12270 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net> (cherry picked from commit 185911de7d337246044c8e99da2f5b4bac74c0d5) Reviewed-on: https://code.wireshark.org/review/12294
Diffstat
-rw-r--r--wiretap/vwr.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/wiretap/vwr.c b/wiretap/vwr.c
index 3b9659322d..59350fce8a 100644
--- a/wiretap/vwr.c
+++ b/wiretap/vwr.c
@@ -2211,7 +2211,7 @@ int find_signature(const guint8 *m_ptr, int rec_size, int pay_off, guint32 flow_
/* flow ID and sequence number at the appropriate offsets. */
for (tgt = pay_off; tgt < (rec_size); tgt++) {
if (m_ptr[tgt] == 0xdd) { /* found magic byte? check fields */
- if (m_ptr[tgt + 15] == 0xe2) {
+ if ((tgt + 15 < rec_size) && (m_ptr[tgt + 15] == 0xe2)) {
if (m_ptr[tgt + 4] != flow_seq)
continue;
@@ -2222,7 +2222,7 @@ int find_signature(const guint8 *m_ptr, int rec_size, int pay_off, guint32 flow_
return (tgt);
}
- else
+ else if (tgt + SIG_FSQ_OFF < rec_size)
{ /* out which one... */
if (m_ptr[tgt + SIG_FSQ_OFF] != flow_seq) /* check sequence number */
continue; /* if failed, keep scanning */
generated by cgit v1.2.1 (git 2.18.0) at 2024-04-29 14:46:00 +0000