diff options
author | Guy Harris <guy@alum.mit.edu> | 2016-04-30 11:30:07 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2016-04-30 18:30:57 +0000 |
commit | 0bffb1663ecb4229699ba7263f4ed7f9824c5fc0 (patch) | |
tree | df6982b5a26eb0a1140da951f044cb52b79e7a61 /wiretap/dbs-etherwatch.c | |
parent | 80e554659e17be8ab7fbe1eb3091b0445dc8cc0b (diff) | |
download | wireshark-0bffb1663ecb4229699ba7263f4ed7f9824c5fc0.tar.gz |
Clean up packet length handling.
Treat the packet length as unsigned - it shouldn't be negative in the
file. If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.
A normal packet should be Ethernet-sized; initially make the buffer big
enough for a maximum-sized Ethernet packet.
Once we know the payload length, check to make sure the packet length
won't be > WTAP_MAX_PACKET_SIZE and fail if it will. Then boost the
buffer size to be large enough for the packet, even if it's bigger than
a maximum-sized Ethernet packet.
Change-Id: I75b2108dd68f5bc5cd436bf5b82990089a7116bf
Reviewed-on: https://code.wireshark.org/review/15200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap/dbs-etherwatch.c')
-rw-r--r-- | wiretap/dbs-etherwatch.c | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/wiretap/dbs-etherwatch.c b/wiretap/dbs-etherwatch.c index b4543846b2..33d9428099 100644 --- a/wiretap/dbs-etherwatch.c +++ b/wiretap/dbs-etherwatch.c @@ -77,9 +77,10 @@ static const char dbs_etherwatch_rec_magic[] = (sizeof dbs_etherwatch_rec_magic / sizeof dbs_etherwatch_rec_magic[0]) /* - * XXX - is this the biggest packet we can get? + * Default packet size - maximum normal Ethernet packet size, without an + * FCS. */ -#define DBS_ETHERWATCH_MAX_PACKET_LEN 16384 +#define DBS_ETHERWATCH_MAX_ETHERNET_PACKET_LEN 1514 static gboolean dbs_etherwatch_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset); @@ -272,16 +273,17 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, guint8 *pd; char line[DBS_ETHERWATCH_LINE_LENGTH]; int num_items_scanned; - int eth_hdr_len, pkt_len, csec; + int eth_hdr_len, csec; + guint pkt_len; int length_pos, length_from, length; struct tm tm; char mon[4] = "xxx"; gchar *p; static const gchar months[] = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC"; - int count, line_count; + guint count, line_count; - /* Make sure we have enough room for the packet */ - ws_buffer_assure_space(buf, DBS_ETHERWATCH_MAX_PACKET_LEN); + /* Make sure we have enough room for a regular Ethernet packet */ + ws_buffer_assure_space(buf, DBS_ETHERWATCH_MAX_ETHERNET_PACKET_LEN); pd = ws_buffer_start_ptr(buf); eth_hdr_len = 0; @@ -349,7 +351,7 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, } num_items_scanned = sscanf(line + LENGTH_POS, - "%9d byte buffer at %2d-%3s-%4d %2d:%2d:%2d.%9d", + "%9u byte buffer at %2d-%3s-%4d %2d:%2d:%2d.%9d", &pkt_len, &tm.tm_mday, mon, &tm.tm_year, &tm.tm_hour, &tm.tm_min, @@ -442,6 +444,22 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, phdr->caplen = eth_hdr_len + pkt_len; phdr->len = eth_hdr_len + pkt_len; + if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + /* + * Probably a corrupt capture file; return an error, + * so that our caller doesn't blow up trying to allocate + * space for an immensely-large packet. + */ + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup_printf("dbs_etherwatch: File has %u-byte packet, bigger than maximum of %u", + phdr->caplen, WTAP_MAX_PACKET_SIZE); + return FALSE; + } + + /* Make sure we have enough room, even for an oversized Ethernet packet */ + ws_buffer_assure_space(buf, phdr->caplen); + pd = ws_buffer_start_ptr(buf); + /* * We don't have an FCS in this frame. */ |