Fix the crash reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804

For WTAP_ENCAP_ERF files if we find an Extension and/or Multi-Channel header,
ensure that the size of the full pseudoheader is smaller than the packet size
to avoid an underflow and subsequent attempt to allocate a rather large amount
of memory.

svn path=/trunk/; revision=41008

diff --git a/wiretap/pcap-common.c b/wiretap/pcap-common.c
index ed6915b2876421e02fd83e1285066121529d1ec3..576e5d82d4d918f73a3e03892833dc3da7eebe71 100644 (file)
--- a/wiretap/pcap-common.c
+++ b/wiretap/pcap-common.c
@@ -1602,6 +1602,18 @@ pcap_process_pseudo_header(FILE_T fh, int file_type, int wtap_encap,
                        return -1;      /* Read error */
 
                phdr_len += size;
+
+               if (check_packet_size &&
+                   packet_size < (guint)phdr_len) {
+                       /*
+                        * Uh-oh, the packet isn't big enough for the pseudo-
+                        * header.
+                        */
+                       *err = WTAP_ERR_BAD_FILE;
+                       *err_info = g_strdup_printf("pcap: ERF file has a %u-byte packet, too small for a pseudo-header with ex- and sub-headers (%d)",
+                           packet_size, phdr_len);
+                       return -1;
+               }
                break;
 
        case WTAP_ENCAP_I2C: