Changeset 15f32cb for lib


Timestamp:
01/14/19 17:32:34 (21 months ago)
Author:
Shane Alcock <salcock@…>
Branches:
develop
Children:
d0941cc
Parents:
5460603
Message:

Fix potential buffer overflow in pcapng:

Fixes #95.

File:
1 edited

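--- a/lib/format_pcapng.c
+++ b/lib/format_pcapng.c
@@ -1158,5 +1158,5 @@
         pcapng_sec_t *sechdr;
         int err;
-        uint32_t to_read;
+        uint32_t to_read, blocklen;
         char *bodyptr = NULL;
 
@@ -1202,5 +1202,6 @@
                         return -1;
                 }
-                to_read = byteswap32(sechdr->blocklen) - sizeof(pcapng_sec_t);
+                blocklen = byteswap32(sechdr->blocklen);
+
         } else {
                 if (sechdr->majorversion != 1 && sechdr->minorversion != 0) {
@@ -1209,7 +1210,13 @@
                         return -1;
                 }
-                to_read = sechdr->blocklen - sizeof(pcapng_sec_t);
-        }
-
+                blocklen = sechdr->blocklen;
+        }
+
+        if (blocklen < sizeof(pcapng_sec_t)) {
+                trace_set_err(libtrace, TRACE_ERR_BAD_PACKET,
+                                "Block length in pcapng section header is invalid.");
+                return -1;
+        }
+        to_read = blocklen - sizeof(pcapng_sec_t);
         /* Read all of the options etc. -- we don't need them for now, but
          * we have to skip forward to the next useful header. */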
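Review bot: The guard added at new lines 1215-1219 bounds `blocklen` only from below, so `to_read` at line 1220 can still be any 32-bit value supplied by the input file. The code that consumes `to_read` lies below the last hunk, so this cannot be confirmed from here, but if it reads into a fixed-size buffer through `bodyptr`, then `to_read` also needs an upper bound against that buffer's remaining capacity, rejected with the same `TRACE_ERR_BAD_PACKET` path. Separately, the context line at new line 1207 rejects a header only when both version fields are wrong, so a version such as 2.0 or 1.5 passes; `if (sechdr->majorversion != 1 || sechdr->minorversion != 0) {` looks like the intended test, and the byteswapped branch above it (not fully visible) should be checked for the same operator. The enclosing function starts and ends outside the hunks shown.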