Wireshark-commits: [Wireshark-commits] lts-1.8.2 ceee21d: Fix buffer overrun in zlib decompression
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 1 Mar 2016 19:25:35 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ceee21db98c76c602f17b154beb09e8f4966bd66
Submitter: Balint Reczey (balint@xxxxxxxxxxxxxxx)
Changed: branch: lts-1.8.2
Repository: wireshark

Commits:

ceee21d by Peter Wu (peter@xxxxxxxxxxxxx):

    Fix buffer overrun in zlib decompression
    
    After updating next_in (to remove the gzip header), avail_in must also
    be updated. Failing to do makes zlib read past the input buffer. In
    theory this would resukt in a buffer overrun of at most double the input
    length, in practice zlib returns as soon as the compression fails (after
    reading a few bytes).
    
    Conflicts:
    	epan/tvbuff_zlib.c
    
    Bug: 11548
    Change-Id: If71691a2846338f46d866964a77cc4e74a9b61dd
    Reviewed-on: https://code.wireshark.org/review/12038
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    (cherry picked from commit cec0593ae6c3bca65eff65741c2a10f3de3e0afe)
    Reviewed-on: https://code.wireshark.org/review/12138
    (cherry picked from commit ff0220fda472b0b08796dbd8aa4c22dd665d9223)
    Reviewed-on: https://code.wireshark.org/review/13759
    Reviewed-by: Balint Reczey <balint@xxxxxxxxxxxxxxx>
    Reviewed-on: https://code.wireshark.org/review/14249
    

Actions performed:

    from  8f4a7b1   Check *how many* fields sscanf() found.
    adds  ceee21d   Fix buffer overrun in zlib decompression


Summary of changes:
 epan/tvbuff.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)