diff options
author | Pascal Quantin <pascal.quantin@gmail.com> | 2017-06-20 21:00:59 +0200 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2017-06-20 20:22:40 +0000 |
commit | d0e902798e7b4f4363da01f0bf799ecc2e372063 (patch) | |
tree | 3b1e622c2f05aab6124f15de72918e5030ff083a /epan | |
parent | 06a002eee78ab547acc3c9dda8f162d4f0071f54 (diff) | |
download | wireshark-d0e902798e7b4f4363da01f0bf799ecc2e372063.tar.gz |
IP: ensure that fragment contains payload before adding it for reassembly
Solves a UBSan runtime error null pointer passed as argument 1, which is
declared to never be null.
It can be reproduced with the pcap from bug 13603
Change-Id: I0d6fdddcccc892b3141855d59be372887afcaca5
Reviewed-on: https://code.wireshark.org/review/22272
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit e6883c15ac00942e3232213f087147e355f7494b)
Reviewed-on: https://code.wireshark.org/review/22284
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-ip.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 6841abe3b7..689f6d9f2c 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -2248,6 +2248,7 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* */ save_fragmented = pinfo->fragmented; if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) && + iph->ip_len > hlen && tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) && ipsum == 0) { ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset, |