From: Jeff Morriss <jeff.morriss.ws@gmail.com>
Date: Tue, 4 Jun 2013 00:50:05 +0000 (-0000)
Subject: Fix the wiretap fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug... 
X-Git-Url: http://git.samba.org/?p=metze%2Fwireshark%2Fwip.git;a=commitdiff_plain;h=0eecced808a1416d3e15a4c6319c8a5651a2f2f7

Fix the wiretap fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760 :

Check that the record length we got out of the file is at least as big as
stats block trailer; if not, declare the file bad.

svn path=/trunk/; revision=49739
---

diff --git a/wiretap/vwr.c b/wiretap/vwr.c
index 564f4f15b0..2617466df2 100644
--- a/wiretap/vwr.c
+++ b/wiretap/vwr.c
@@ -711,8 +711,14 @@ static gboolean vwr_read(wtap *wth, int *err, gchar **err_info, gint64 *data_off
         return(FALSE);
     }
 
+    if (rec_size < (int)vwr->STATS_LEN) {
+        *err = file_error(wth->fh, err_info);
+        if (*err == 0)
+            *err_info = g_strdup_printf("vwr: Invalid record length %d (must be at least %u)", rec_size, vwr->STATS_LEN);
+            *err = WTAP_ERR_BAD_FILE;
+        return(FALSE);
+    }
     
-
     /* before writing anything out, make sure the buffer has enough space for everything */
     if ((vwr->FPGA_VERSION == vVW510021_W_FPGA) || (vwr->FPGA_VERSION == vVW510006_W_FPGA) )
     /* frames are always 802.11 with an extended radiotap header */