Check for an overflow. This should hopefully fix bug 3672.
authorgerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>
Thu, 16 Jul 2009 22:25:06 +0000 (22:25 +0000)
committergerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>
Thu, 16 Jul 2009 22:25:06 +0000 (22:25 +0000)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29128 f5534014-38df-0310-8fa8-9805f1628bb7

epan/reassemble.c

index 7b75c210767c85e8abcfa19460cb69ed1945d93d..267925c13289791597660bc88c8df53df2eeed5d 100644 (file)
@@ -710,10 +710,11 @@ fragment_add_work(fragment_data *fd_head, tvbuff_t *tvb, int offset,
         * check it. Someone might play overlap and TTL games.
         */
        if (fd_head->flags & FD_DEFRAGMENTED) {
+               guint32 end_offset = fd->offset + fd->len;
                fd->flags      |= FD_OVERLAP;
                fd_head->flags |= FD_OVERLAP;
                /* make sure it's not too long */
-               if (fd->offset + fd->len > fd_head->datalen) {
+               if (end_offset > fd_head->datalen || end_offset < fd->offset || end_offset < fd->len) {
                        fd->flags      |= FD_TOOLONGFRAGMENT;
                        fd_head->flags |= FD_TOOLONGFRAGMENT;
                }
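Review bot: The wrap test in the new condition is stated twice: for unsigned addition a wrapped `end_offset` is smaller than both operands, so `end_offset < fd->offset` already detects the overflow and `end_offset < fd->len` can never fire on its own; the extra clause is harmless but reads as if it guarded a distinct case. A one-line comment above the condition would make the intent clear, e.g. `/* end_offset < fd->offset means offset + len wrapped around guint32 */`. This assumes fd->offset and fd->len are the same width as end_offset; if either field is wider, the narrowing assignment on the added declaration line would silently truncate and the range check should happen before the add rather than after. fragment_add_work starts before the hunk, so whether the same sum is computed elsewhere in the function without this guard cannot be seen here.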