diff options
author | Guy Harris <guy@alum.mit.edu> | 2011-12-13 02:42:42 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2011-12-13 02:42:42 +0000 |
commit | c3da1f23d3793b4eb8ddf23f75a29d124c34b085 (patch) | |
tree | 98e800e5537d856b756e932ef7d66fa9da1e9afc /wiretap/packetlogger.c | |
parent | dd92029afa511018f80b3bf28eca30ff9f8ee967 (diff) | |
download | wireshark-c3da1f23d3793b4eb8ddf23f75a29d124c34b085.tar.gz |
Add missing checks for a too-large packet, so we don't blow up trying to
allocate a huge buffer.
svn path=/trunk/; revision=40170
Diffstat (limited to 'wiretap/packetlogger.c')
-rw-r--r-- | wiretap/packetlogger.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/wiretap/packetlogger.c b/wiretap/packetlogger.c index 79e67cfaf1..afe918f9a9 100644 --- a/wiretap/packetlogger.c +++ b/wiretap/packetlogger.c @@ -106,6 +106,16 @@ packetlogger_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) *err_info = g_strdup_printf("packetlogger: record length %u is too small", pl_hdr.len); return FALSE; } + if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE) { + /* + * Probably a corrupt capture file; don't blow up trying + * to allocate space for an immensely-large packet. + */ + *err = WTAP_ERR_BAD_RECORD; + *err_info = g_strdup_printf("packetlogger: File has %u-byte packet, bigger than maximum of %u", + pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE); + return FALSE; + } buffer_assure_space(wth->frame_buffer, pl_hdr.len - 8); bytes_read = file_read(buffer_start_ptr(wth->frame_buffer), |