blf: check the validity of the header length field.

author Guy Harris <gharris@sonic.net>

Sat, 18 Nov 2023 19:27:26 +0000 (11:27 -0800)

committer Guy Harris <gharris@sonic.net>

Sat, 18 Nov 2023 19:27:26 +0000 (11:27 -0800)
author Guy Harris <gharris@sonic.net>
Sat, 18 Nov 2023 19:27:26 +0000 (11:27 -0800)
committer Guy Harris <gharris@sonic.net>
Sat, 18 Nov 2023 19:27:26 +0000 (11:27 -0800)
diff --git a/wiretap/blf.c b/wiretap/blf.c

index 46d390c20705817168804d7da3a79b609094735c..ed927711fcf9fa9cf43e242071b4d9a80a322719 100644 (file)
--- a/wiretap/blf.c
+++ b/wiretap/blf.c
@@ -3387,6 +3387,13 @@ blf_open(wtap *wth, int *err, gchar **err_info) {
      }
  
      /* This seems to be an BLF! */
+    /* Check for a valid header length */
+    if (header.header_length < sizeof(blf_blockheader_t)) {
+        *err = WTAP_ERR_BAD_FILE;
+        *err_info = ws_strdup("blf: file header length too short");
+        return WTAP_OPEN_ERROR;
+    }
+
      /* skip past the header, which may include padding/reserved space */
      if (file_seek(wth->fh, header.header_length, SEEK_SET, err) < 0) {
          return WTAP_OPEN_ERROR;
author	Guy Harris <gharris@sonic.net>
	Sat, 18 Nov 2023 19:27:26 +0000 (11:27 -0800)
committer	Guy Harris <gharris@sonic.net>
	Sat, 18 Nov 2023 19:27:26 +0000 (11:27 -0800)