RELOAD: Fix a length check.
author Gerald Combs <gerald@wireshark.org>
Mon, 19 Feb 2018 22:48:24 +0000 (14:48 -0800)
committer Michael Mann <mmann78@netscape.net>
Tue, 20 Feb 2018 00:52:36 +0000 (00:52 +0000)
Make sure a length value isn't too large.

Bug: 14445
Change-Id: Ie630d59aea744554da22a2b904aca06624c73f7a
Reviewed-on: https://code.wireshark.org/review/25908
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
epan/dissectors/packet-reload.c

index 277fdb19ea99587281330f9ff6ff452023a4066a..3f36c9ecdff759f4a4cfe8cced1306145cc8e604 100644 (file)
@@ -2606,7 +2606,7 @@ dissect_statans(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint16 off
 
   kind_responses_length = tvb_get_ntohl(tvb, offset);
 
-  if (4 + kind_responses_length > length) {
+  if (kind_responses_length > G_MAXUINT16 || 4 + kind_responses_length > length) {
     ti_statans = proto_tree_add_item(tree, hf_reload_statans, tvb, offset, length, ENC_NA);
     expert_add_info_format(pinfo, ti_statans, &ei_reload_truncated_field, "Truncated StatAns");
     return length;
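
Review bot: the `kind_responses_length > G_MAXUINT16` bound in the new condition has no comment saying why 16 bits is the limit. The value comes from `tvb_get_ntohl`, a 32-bit read, and the hunk header shows `offset` declared as `guint16`, so the bound presumably exists to keep `4 + kind_responses_length` and later 16-bit offset arithmetic from wrapping; a one-line comment stating that would stop the check being "simplified" away later. Consider also writing the second comparison in subtraction form, `length < 4 || kind_responses_length > length - 4`, so it does not depend on the addition staying in range. Minor: the expert info still reads "Truncated StatAns" when the field is rejected for being oversized rather than cut short, which may mislead someone triaging a capture.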