Sanity check iSeries packet length to prevent heap-based buffer overflow.
authorMichael Mann <mmann78@netscape.net>
Sat, 28 Nov 2015 01:37:36 +0000 (20:37 -0500)
committerAnders Broman <a.broman58@gmail.com>
Sat, 28 Nov 2015 09:22:30 +0000 (09:22 +0000)
Bug: 11798
Change-Id: I7aebe709ef4014a385819835ef6effabbb4f0ca4
Reviewed-on: https://code.wireshark.org/review/12238
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wiretap/iseries.c

index 1b7f812e80d97bef121500c4434eef81de6e3afc..4fb1bab118a2d178818d7385bd56ecd36627fa43 100644 (file)
@@ -588,7 +588,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr,
                 "%12s%*[ \n\t]%12s%*[ \n\t]ETHV2%*[ \n\t]TYPE:%*[ \n\t]%4s",
                 &pktnum, direction, &pkt_len, &hr, &min, &sec, csec, destmac,
                 srcmac, type);
-      if (num_items_scanned == 10)
+      if ((num_items_scanned == 10) && (pkt_len >= 0))
         {
           /* OK! We found the packet header line */
           isValid = TRUE;