Changeset 063d5dd for lib


Ignore:
Timestamp:
01/15/19 11:14:45 (20 months ago)
Author:
Shane Alcock <salcock@…>
Branches:
develop
Children:
f98e550
Parents:
385678b
Message:

pcapng: don't try to read section headers that are bigger than our buffer.

Fixes issues related to #95.

Note: in theory a section header larger than 65536 bytes is
technically valid in pcapng, but there is no realistic scenario
where this should happen. If it did, we would actually need to
read the first 64K bytes, update the section header length to
reflect the truncation we're about to do, then make sure we
read any remaining bytes into a temporary buffer so that our
read pointer is in the right place for the next block.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • lib/format_pcapng.c

    r15f32cb r063d5dd  
    12221222         * we have to skip forward to the next useful header. */
    12231223        bodyptr = (char *) packet->buffer + sizeof(pcapng_sec_t);
     1224
     1225        if (to_read > LIBTRACE_PACKET_BUFSIZE) {
     1226                trace_set_err(libtrace, TRACE_ERR_BAD_PACKET,
     1227                                "Excessively large section header contents of %u bytes, likely a corrupt trace.", to_read);
     1228                return -1;
     1229        }
     1230
    12241231        err = pcapng_read_body(libtrace, bodyptr, to_read);
    12251232        if (err <= 0) {
Note: See TracChangeset for help on using the changeset viewer.