git.samba.org / metze / wireshark / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b580bdb)
tvb_get_guintvar: don't overflow our return value
authorMartin Kaiser <wireshark@kaiser.cx>
Sat, 3 Mar 2018 14:25:56 +0000 (15:25 +0100)
committerAnders Broman <a.broman58@gmail.com>
Sun, 4 Mar 2018 07:44:11 +0000 (07:44 +0000)
tvb_get_guintvar() returns a guint. If we haven't seen the final byte
after sizeof(guint) bytes, something is wrong. Abort and return 0.

This is the minimum fix for

Bug: 14473

Change-Id: Ibe8a1239c1cbbeec0591c66710416bb56f9f60dc
Reviewed-on: https://code.wireshark.org/review/26242
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
epan/dissectors/packet-wap.c patch | blob | history

diff --git a/epan/dissectors/packet-wap.c b/epan/dissectors/packet-wap.c
index 3c0ea83804ad47b977744b556faf8adc84a18c03..64f273f06843831d5c5f9b4030c5d2f956541b7c 100644 (file)
--- a/epan/dissectors/packet-wap.c
+++ b/epan/dissectors/packet-wap.c
@@ -58,7 +58,7 @@ tvb_get_guintvar (tvbuff_t *tvb, guint offset, guint *octetCount, packet_info *p
 #endif
     }
 
-    if (counter > 5) {
+    if (counter > sizeof(value)) {
         proto_tree_add_expert(NULL, pinfo, ei, tvb, offset, counter);
         value = 0;
     }
Unnamed repository; edit this file to name it for gitweb.