IP: ensure that fragment contains payload before adding it for reassembly

Solves a UBSan runtime error null pointer passed as argument 1, which is declared to never be null. It can be reproduced with the pcap from bug 13603 Change-Id: I0d6fdddcccc892b3141855d59be372887afcaca5 Reviewed-on: https://code.wireshark.org/review/22272 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Pascal Quantin <pascal.quantin@gmail.com> 2017-06-20 21:00:59 +0200
committer: Anders Broman <a.broman58@gmail.com> 2017-06-20 20:17:48 +0000
commit: e6883c15ac00942e3232213f087147e355f7494b (patch)
tree: fdd77018df0bbf0933c850ca040642c148a2bd45 /epan
parent: 3b7440996b2f3637656575ad121fa6edfa03cfcb (diff)
download: wireshark-e6883c15ac00942e3232213f087147e355f7494b.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c
index 6841abe3b7..689f6d9f2c 100644
--- a/epan/dissectors/packet-ip.c
+++ b/epan/dissectors/packet-ip.c
@@ -2248,6 +2248,7 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void*
    */
   save_fragmented = pinfo->fragmented;
   if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
+      iph->ip_len > hlen &&
       tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) &&
       ipsum == 0) {
     ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset,
author	Pascal Quantin <pascal.quantin@gmail.com>	2017-06-20 21:00:59 +0200
committer	Anders Broman <a.broman58@gmail.com>	2017-06-20 20:17:48 +0000
commit	e6883c15ac00942e3232213f087147e355f7494b (patch)
tree	fdd77018df0bbf0933c850ca040642c148a2bd45 /epan
parent	3b7440996b2f3637656575ad121fa6edfa03cfcb (diff)
download	wireshark-e6883c15ac00942e3232213f087147e355f7494b.tar.gz