Make sure the packet length isn't > WTAP_MAX_PACKET_SIZE.

Change-Id: I65c1e87e2fcff93b3db998666ff51f19ecd71b55
Reviewed-on: https://code.wireshark.org/review/15233
Reviewed-by: Guy Harris <guy@alum.mit.edu>

diff --git a/wiretap/iseries.c b/wiretap/iseries.c
index 4f446eee335771b195c1828a5e374f4b884979bd..c2e6c41730d22faada04bc360aa90d7ba58ee018 100644 (file)
--- a/wiretap/iseries.c
+++ b/wiretap/iseries.c
@@ -680,7 +680,25 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr,
           /*
            * XXX - The Capture length returned by the iSeries trace doesn't
            * seem to include the Ethernet header, so we add its length here.
+           *
+           * Check the length first, just in case it's *so* big that, after
+           * adding the Ethernet header length, it overflows.
            */
+          if (pkt_len > WTAP_MAX_PACKET_SIZE - 14)
+            {
+              /*
+               * Probably a corrupt capture file; don't blow up trying
+               * to allocate space for an immensely-large packet, and
+               * don't think it's a really *small* packet because it
+               * overflowed.  (Calculate the size as a 64-bit value in
+               * the error message, to avoid an overflow.)
+               */
+              *err = WTAP_ERR_BAD_FILE;
+              *err_info = g_strdup_printf("iseries: File has %" G_GUINT64_FORMAT "-byte packet, bigger than maximum of %u",
+                                          (guint64)pkt_len + 14,
+                                          WTAP_MAX_PACKET_SIZE);
+              return FALSE;
+            }
           pkt_len += 14;
           break;
         }