Wireshark-commits: [Wireshark-commits] master-2.6 ff72047: tvbuff_zlib: reject negative lengths to
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ff72047c3da75d290a27285b7c0c11d0fc48a775
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master-2.6
Repository: wireshark
Commits:
ff72047 by Peter Wu (peter@xxxxxxxxxxxxx):
tvbuff_zlib: reject negative lengths to avoid buffer overrun
Negative lengths and empty buffers are not uncompressable, reject them.
A buffer overrun (read) could occur otherwise due to unsigned "avail_in"
becoming insanely large.
Bug: 14675
Change-Id: I20b686cc6ad6ef8a8d1975ed3d2f52c8eb1f1c76
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7166
Reviewed-on: https://code.wireshark.org/review/27561
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit 9ee790e99c72ddb5b599b8076b4ecf74611b184e)
Reviewed-on: https://code.wireshark.org/review/27899
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 46e2816 RPC-over-RDMA: fix infinite loop
adds ff72047 tvbuff_zlib: reject negative lengths to avoid buffer overrun
Summary of changes:
epan/tvbuff_zlib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)