Wireshark-commits: [Wireshark-commits] master-2.4 ed9eccc: ber: clamp BER lengths to avoid integer
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ed9ecccaa493b97186ad64c02430117ff678a2b0
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-2.4
Repository: wireshark
Commits:
ed9eccc by Peter Wu (peter@xxxxxxxxxxxxx):
ber: clamp BER lengths to avoid integer overflow

Many callers treat the length as a signed integer, so ensure that the
length fits in such a number. Failure to do so can have unintended
consequences (such as calling "tvb_memdup(tvb, 0, -1)" and assuming that
the length is actually 2^32-1).

Although an exception could be thrown as well, let's give the caller a
chance to handle this themselves.

Change-Id: If92545f7d3603250f75741040435000ba879b7e3
Ping-Bug: 14682
Reviewed-on: https://code.wireshark.org/review/27563
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit 67c642047362b5e2546259dd012622ff3dd6c9d9)
Reviewed-on: https://code.wireshark.org/review/27966
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from ac94382 ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring
adds ed9eccc ber: clamp BER lengths to avoid integer overflow
Summary of changes:
epan/dissectors/packet-ber.c | 5 +++++
1 file changed, 5 insertions(+)
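
The clamp described in the commit message, sketched as an added example; this is not the code from packet-ber.c. The function name `ber_read_length`, its signature and the sample bytes are assumptions made for illustration. It decodes a BER definite-form length and saturates it at INT32_MAX, so a caller that stores the result in a signed int gets a large positive value instead of -1.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not Wireshark's own BER code): decode a BER
 * definite-form length at buf[*off] and saturate it at INT32_MAX so that
 * callers storing it in a signed int never see a negative value.
 * Returns 0 on success, -1 on truncated, indefinite or reserved encodings. */
int ber_read_length(const uint8_t *buf, size_t buflen, size_t *off,
                    uint32_t *len_out, int *clamped)
{
    size_t pos = *off;
    uint64_t len;

    *clamped = 0;
    if (pos >= buflen)
        return -1;
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                      /* short form: 0..127 */
    } else {
        size_t n = first & 0x7F;          /* long form: n length octets */
        if (n == 0 || n == 0x7F)          /* 0x80 indefinite, 0xFF reserved */
            return -1;
        if (n > buflen - pos)             /* length octets run past the buffer */
            return -1;
        len = 0;
        for (size_t i = 0; i < n; i++) {
            len = (len << 8) | buf[pos++];
            if (len > INT32_MAX) {        /* saturate; keeps len << 8 in range */
                len = INT32_MAX;
                *clamped = 1;
            }
        }
    }
    *len_out = (uint32_t)len;
    *off = pos;
    return 0;
}

int main(void)
{
    /* Constructed input: long form, 4 length octets, all 0xFF (2^32-1). */
    const uint8_t sample[] = { 0x84, 0xFF, 0xFF, 0xFF, 0xFF };
    size_t off = 0; uint32_t len = 0; int clamped = 0;
    if (ber_read_length(sample, sizeof sample, &off, &len, &clamped) == 0)
        printf("len=%u clamped=%d as int=%d\n", (unsigned)len, clamped, (int)len);
    return 0;
}
```

The `clamped` flag lets the caller decide how to react to an oversized length, in the spirit of the commit message's choice not to throw an exception.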