Changeset 063d5dd for lib

Timestamp:

01/15/19 11:14:45 (20 months ago)

Author:

Shane Alcock <salcock@…>

Branches:

develop

Children:

f98e550

Parents:

385678b

Message:

pcapng: don't try to read section headers that are bigger than our buffer.

Fixes issues related to #95.

Note: in theory a section header larger than 65536 bytes is
technically valid in pcapng, but there is no realistic scenario
where this should happen. If it did, we would actually need to
read the first 64K bytes, update the section header length to
reflect the truncation we're about to do, then make sure we
read any remaining bytes into a temporary buffer so that our
read pointer is in the right place for the next block.

File:

• lib/format_pcapng.c (modified) (1 diff)

lib/format_pcapng.c

@@ -1222 +1222 @@
          * we have to skip forward to the next useful header. */
         bodyptr = (char *) packet->buffer + sizeof(pcapng_sec_t);
+
+        if (to_read > LIBTRACE_PACKET_BUFSIZE) {
+                trace_set_err(libtrace, TRACE_ERR_BAD_PACKET,
+                                "Excessively large section header contents of %u bytes, likely a corrupt trace.", to_read);
+                return -1;
+        }
+
         err = pcapng_read_body(libtrace, bodyptr, to_read);
         if (err <= 0) {