net/wireshark/patches/patch-ag


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

$NetBSD: patch-ag,v 1.1.2.2 2011/02/11 05:40:44 sbd Exp $

--- wiretap/pcapng.c.orig	2011-01-11 19:24:22.000000000 +0000
+++ wiretap/pcapng.c
@@ -806,18 +806,26 @@ pcapng_read_packet_block(FILE_T fh, pcap
 		pcapng_debug2("pcapng_read_packet_block:cap_len %d is larger than packet_len %u.",
 		              wblock->data.packet.cap_len, wblock->data.packet.packet_len);
 		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup("pcapng_read_packet_block:cap_len is larger than packet_len");
 		return 0;
 	}
 	if (wblock->data.packet.cap_len > WTAP_MAX_PACKET_SIZE) {
 		pcapng_debug2("pcapng_read_packet_block:cap_len %d is larger than WTAP_MAX_PACKET_SIZE %u.",
 		              wblock->data.packet.cap_len, WTAP_MAX_PACKET_SIZE);
 		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup("pcapng_read_packet_block:cap_len is larger than WTAP_MAX_PACKET_SIZE");
 		return 0;
 	}
 	pcapng_debug3("pcapng_read_packet_block: packet data: packet_len %u captured_len %u interface_id %u",
 	              wblock->data.packet.packet_len,
 	              wblock->data.packet.cap_len,
 	              wblock->data.packet.interface_id);
+	if (wblock->data.packet.packet_len > WTAP_MAX_PACKET_SIZE) {
+		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup_printf("pcapng_read_packet_block: packet_len %u is larger than WTAP_MAX_PACKET_SIZE %u.",
+			wblock->data.packet.packet_len, WTAP_MAX_PACKET_SIZE);
+		return 0;
+	}
 
 	wtap_encap = pcapng_get_encap(wblock->data.packet.interface_id, pn);
 	pcapng_debug3("pcapng_read_packet_block: encapsulation = %d (%s), pseudo header size = %d.",
@@ -980,6 +988,12 @@ pcapng_read_simple_packet_block(FILE_T f
 	}
 	pcapng_debug1("pcapng_read_simple_packet_block: packet data: packet_len %u",
 	               wblock->data.simple_packet.packet_len);
+	if (wblock->data.simple_packet.packet_len > WTAP_MAX_PACKET_SIZE) {
+		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup_printf("pcapng_read_simple_packet_block: packet_len %u is larger than WTAP_MAX_PACKET_SIZE %u.",
+			wblock->data.simple_packet.packet_len, WTAP_MAX_PACKET_SIZE);
+		return 0;
+	}
 
 	encap = pcapng_get_encap(0, pn);
 	pcapng_debug1("pcapng_read_simple_packet_block: Need to read pseudo header of size %d",