Wireshark-commits: [Wireshark-commits] master-2.6 99d27a5: rtcp: fix buffer overflow in transport-c
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99d27a5fd2c540f837154aca3b3647f5ccfa0c33
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master-2.6
Repository: wireshark
Commits:
99d27a5 by Peter Wu (peter@xxxxxxxxxxxxx):
rtcp: fix buffer overflow in transport-cc dissection
When the packet status chunks cover more packets than advertised in the
packet status count field, fail rather than writing past the end.
https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#section-3.1.2
Bug: 14673
Change-Id: If90baef3610d8f884b0772a4b81d6dcb4ebc9227
Fixes: v2.5.0rc0-2533-ga584eab239 ("New RTCP dissector for transport-cc")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6464
Reviewed-on: https://code.wireshark.org/review/27527
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Rui Zhang <rzhang@xxxxxxxxxxxxxx>
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
(cherry picked from commit 4413d43962e1aed72a285ae8fb68780bb64a11fe)
Reviewed-on: https://code.wireshark.org/review/27536
Actions performed:
from b82a9a3 tvbuff: make tvb_bytes_exist fail with negative values
adds 99d27a5 rtcp: fix buffer overflow in transport-cc dissection
Summary of changes:
epan/dissectors/packet-rtcp.c | 41 +++++++++++++++++++++++++++++------------
1 file changed, 29 insertions(+), 12 deletions(-)