Pascal Quantin
changed
bug 12586
| What |
Removed |
Added |
| Status |
UNCONFIRMED
|
RESOLVED
|
| CC |
|
[email protected]
|
| Resolution |
---
|
NOTOURBUG
|
Comment # 3
on bug 12586
from Pascal Quantin
We added extra checks to ensure that the incl_len field is not bigger than what
Wireshark supports (WTAP_MAX_PACKET_SIZE = 262144).
if (hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; return an error,
* so that our caller doesn't blow up trying to allocate
* space for an immensely-large packet.
*/
*err = WTAP_ERR_BAD_FILE;
if (err_info != NULL) {
*err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger
than maximum of %u",
hdr.hdr.incl_len, WTAP_MAX_PACKET_SIZE);
}
return FALSE;
}
This field is NOT designed to store private information. As Jaap indicated,
libpcap was not designed for this, while pcapng was.
You are now hitting one of our heuristics to detect potential malformed capture
files (see https://code.wireshark.org/review/3808).
We are probably not wiling to change this.
You are receiving this mail because:
- You are watching all bug changes.