diff options
| -rw-r--r-- | wiretap/ber.c | 3 | ||||
| -rw-r--r-- | wiretap/erf.c | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/wiretap/ber.c b/wiretap/ber.c index 6e37a6fe9e..c38d30c410 100644 --- a/wiretap/ber.c +++ b/wiretap/ber.c @@ -171,6 +171,9 @@ int ber_open(wtap *wth, int *err, gchar **err_info _U_) if(len != file_size) { return 0; /* not ASN.1 */ } + }else{ + /* XXX what if indefinet length? */ + return 0; } /* seek back to the start of the file */ diff --git a/wiretap/erf.c b/wiretap/erf.c index c12de8c463..87fbae93e5 100644 --- a/wiretap/erf.c +++ b/wiretap/erf.c @@ -120,6 +120,14 @@ int erf_open(wtap *wth, int *err, gchar **err_info _U_) packet_size = g_ntohs(header.rlen) - sizeof(header); + if (packet_size > WTAP_MAX_PACKET_SIZE) { + /* + * Probably a corrupt capture file; don't blow up trying + * to allocate space for an immensely-large packet. + */ + return 0; + } + /* fail on invalid record type, decreasing timestamps or non-zero pad-bits */ /* Not all types within this range are decoded, but it is a first filter */ if (header.type == 0 || header.type > ERF_TYPE_MAX ) { |