Add missing checks for a too-large packet, so we don't blow up trying to

allocate a huge buffer. svn path=/trunk/; revision=40170
author: Guy Harris <guy@alum.mit.edu> 2011-12-13 02:42:42 +0000
committer: Guy Harris <guy@alum.mit.edu> 2011-12-13 02:42:42 +0000
commit: c3da1f23d3793b4eb8ddf23f75a29d124c34b085 (patch)
tree: 98e800e5537d856b756e932ef7d66fa9da1e9afc /wiretap/packetlogger.c
parent: dd92029afa511018f80b3bf28eca30ff9f8ee967 (diff)
download: wireshark-c3da1f23d3793b4eb8ddf23f75a29d124c34b085.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/wiretap/packetlogger.c b/wiretap/packetlogger.c
index 79e67cfaf1..afe918f9a9 100644
--- a/wiretap/packetlogger.c
+++ b/wiretap/packetlogger.c
@@ -106,6 +106,16 @@ packetlogger_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
 		*err_info = g_strdup_printf("packetlogger: record length %u is too small", pl_hdr.len);
 		return FALSE;
 	}
+	if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE) {
+		/*
+		 * Probably a corrupt capture file; don't blow up trying
+		 * to allocate space for an immensely-large packet.
+		 */
+		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup_printf("packetlogger: File has %u-byte packet, bigger than maximum of %u",
+		    pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE);
+		return FALSE;
+	}
 	
 	buffer_assure_space(wth->frame_buffer, pl_hdr.len - 8);
 	bytes_read = file_read(buffer_start_ptr(wth->frame_buffer),
author	Guy Harris <guy@alum.mit.edu>	2011-12-13 02:42:42 +0000
committer	Guy Harris <guy@alum.mit.edu>	2011-12-13 02:42:42 +0000
commit	c3da1f23d3793b4eb8ddf23f75a29d124c34b085 (patch)
tree	98e800e5537d856b756e932ef7d66fa9da1e9afc /wiretap/packetlogger.c
parent	dd92029afa511018f80b3bf28eca30ff9f8ee967 (diff)
download	wireshark-c3da1f23d3793b4eb8ddf23f75a29d124c34b085.tar.gz