From 90d7c5f59b574e254bc1bb70aaaf12372fe97cc3 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Wed, 22 Jan 2014 00:26:36 +0000 Subject: Don't write out packets that have a "captured length" bigger than we're willing to read or that's bigger than will fit in the file format; instead, report an error. For the "I can't write a packet of that type in that file type" error, report the file type in question. svn path=/trunk/; revision=54882 --- wiretap/ngsniffer.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'wiretap/ngsniffer.c') diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c index 0e33072ca7..58031ff38e 100644 --- a/wiretap/ngsniffer.c +++ b/wiretap/ngsniffer.c @@ -2075,6 +2075,13 @@ ngsniffer_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, guint16 start_date; struct tm *tm; + /* The captured length field is 16 bits, so there's a hard + limit of 65535. */ + if (phdr->caplen > 65535) { + *err = WTAP_ERR_PACKET_TOO_LARGE; + return FALSE; + } + /* Sniffer files have a capture start date in the file header, and have times relative to the beginning of that day in the packet headers; pick the date of the first packet as the capture start -- cgit v1.2.1