diff options
author | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2012-05-24 23:35:23 +0000 |
---|---|---|
committer | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2012-05-24 23:35:23 +0000 |
commit | 0c491764115161bfd8597c9bf0c9050b63493da0 (patch) | |
tree | 91d45e3b44f32a347724e942a04e661a2195f3cf /asn1/snmp | |
parent | b7e5cce7213a2652b1da716cdd7654e9b6e70154 (diff) | |
download | wireshark-0c491764115161bfd8597c9bf0c9050b63493da0.tar.gz |
tvb_length_remaining() can return a negative number, so be sure to handle it. Fixes Coverity CID's 280233-280235.
svn path=/trunk/; revision=42839
Diffstat (limited to 'asn1/snmp')
-rw-r--r-- | asn1/snmp/packet-snmp-template.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/asn1/snmp/packet-snmp-template.c b/asn1/snmp/packet-snmp-template.c index 060bf72f67..3f236977c7 100644 --- a/asn1/snmp/packet-snmp-template.c +++ b/asn1/snmp/packet-snmp-template.c @@ -1276,6 +1276,10 @@ snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* calc_auth_l } msg_len = tvb_length_remaining(p->msg_tvb,0); + if (msg_len <= 0) { + *error = "Not enough data remaining"; + return FALSE; + } msg = ep_tvb_memdup(p->msg_tvb,0,msg_len); @@ -1337,6 +1341,10 @@ snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_a } msg_len = tvb_length_remaining(p->msg_tvb,0); + if (msg_len <= 0) { + *error = "Not enough data remaining"; + return FALSE; + } msg = ep_tvb_memdup(p->msg_tvb,0,msg_len); auth = ep_tvb_memdup(p->auth_tvb,0,auth_len); @@ -1396,7 +1404,7 @@ snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar c cryptgrm_len = tvb_length_remaining(encryptedData,0); - if (cryptgrm_len % 8) { + if ((cryptgrm_len <= 0) || (cryptgrm_len % 8)) { *error = "decryptionError: the length of the encrypted data is not a mutiple of 8 octets"; return NULL; } @@ -1466,6 +1474,10 @@ snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar c tvb_memcpy(p->priv_tvb,&(iv[8]),0,8); cryptgrm_len = tvb_length_remaining(encryptedData,0); + if (cryptgrm_len <= 0) { + *error = "Not enough data remaining"; + return NULL; + } cryptgrm = ep_tvb_memdup(encryptedData,0,-1); cleartext = ep_alloc(cryptgrm_len); |