From 38b428a31736cb08563442e3c97564951f7f6601 Mon Sep 17 00:00:00 2001
From: Guy Harris
Date: Thu, 16 Feb 2017 00:18:30 -0800
Subject: [PATCH] Report an error for too-short packets.

The packet length field gives the length of the *entire* packet, so, by definition, it must not be zero. Make sure it's at least big enough for the packet header itself plus one segment header.
Bug: 13416
Change-Id: I625bd5c0ce75ab1200b3becf12fc1c819fefcd63
Reviewed-on: https://code.wireshark.org/review/20133
Reviewed-by: Guy Harris
(cherry picked from commit c7042bedbb3b12c5f4e19e59e52da370d4ffe62f)
Reviewed-on: https://code.wireshark.org/review/20135
---
 wiretap/stanag4607.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/wiretap/stanag4607.c b/wiretap/stanag4607.c
index 9aa3105..2572aba 100644
--- a/wiretap/stanag4607.c
+++ b/wiretap/stanag4607.c
@@ -36,6 +36,9 @@ typedef struct {
 time_t base_secs;
 } stanag4607_t;
+#define PKT_HDR_SIZE 32 /* size of a packet header */
+#define SEG_HDR_SIZE 5 /* size of a segment header */
+
 static gboolean is_valid_id(guint16 version_id) {
 #define VERSION_21 0x3231
@@ -53,7 +56,7 @@ static gboolean stanag4607_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *p
 stanag4607_t *stanag4607 = (stanag4607_t *)wth->priv;
 guint32 millisecs, secs, nsecs;
 gint64 offset = 0;
- guint8 stanag_pkt_hdr[37];
+ guint8 stanag_pkt_hdr[PKT_HDR_SIZE+SEG_HDR_SIZE];
 guint32 packet_size;
 *err = 0;
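Review bot: The array declaration in the -53 hunk, `guint8 stanag_pkt_hdr[PKT_HDR_SIZE+SEG_HDR_SIZE];`, spells out a sum that the new length check in the -83 hunk repeats twice, so the buffer size and the minimum packet size are kept equal only by repetition. A single constant beside the two new defines (the name is only a suggestion), `#define MIN_PKT_SIZE (PKT_HDR_SIZE + SEG_HDR_SIZE) /* packet header plus one segment header */`, would state that link once and give the expression the parentheses a macro value should carry. stanag4607_read_file starts and ends outside this hunk, so the read that fills the buffer is not visible here.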
@@ -83,6 +86,16 @@ static gboolean stanag4607_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *p
 "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE);
 return FALSE;
 }
+ if (packet_size < PKT_HDR_SIZE+SEG_HDR_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't, for example, loop
+ * infinitely if the size is zero.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("stanag4607: File has %" G_GUINT32_FORMAT "d-byte packet, "
+ "smaller than minimum of %u", packet_size, PKT_HDR_SIZE+SEG_HDR_SIZE);
+ return FALSE;
+ }
 phdr->caplen = packet_size;
 phdr->len = packet_size;
--
1.7.9.5
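Review bot: The new error message prints a stray `d` after the packet size, because `G_GUINT32_FORMAT` already supplies the conversion letter, so `"%" G_GUINT32_FORMAT "d-byte packet, "` reports a zero-length packet as `0d-byte packet`. Dropping the letter fixes it: `"stanag4607: File has %" G_GUINT32_FORMAT "-byte packet, "`. The last argument, `PKT_HDR_SIZE+SEG_HDR_SIZE`, is an `int` expression formatted with `%u`; casting it to `guint` (or using `%d`) keeps the varargs types matched. The enclosing function continues outside the hunk, and the first line of the preceding "bigger than maximum" message is not visible here, so it may carry the same stray letter.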