diff options
author | Pascal Quantin <pascal.quantin@gmail.com> | 2017-06-20 21:00:59 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2017-06-20 20:17:48 +0000 |
commit | e6883c15ac00942e3232213f087147e355f7494b (patch) | |
tree | fdd77018df0bbf0933c850ca040642c148a2bd45 /epan | |
parent | 3b7440996b2f3637656575ad121fa6edfa03cfcb (diff) | |
download | wireshark-e6883c15ac00942e3232213f087147e355f7494b.tar.gz |
IP: ensure that fragment contains payload before adding it for reassembly
Solves a UBSan runtime error null pointer passed as argument 1, which is
declared to never be null.
It can be reproduced with the pcap from bug 13603
Change-Id: I0d6fdddcccc892b3141855d59be372887afcaca5
Reviewed-on: https://code.wireshark.org/review/22272
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-ip.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 6841abe3b7..689f6d9f2c 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -2248,6 +2248,7 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* */ save_fragmented = pinfo->fragmented; if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) && + iph->ip_len > hlen && tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) && ipsum == 0) { ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset, |