URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d2e2a209cf34108ca71c6be576bebeea1f9570d
Submitter: Balint Reczey (balint@xxxxxxxxxxxxxxx)
Changed: branch: lts-1.12.1
Repository: wireshark
Commits:
3d2e2a2 by Peter Wu (peter@xxxxxxxxxxxxx):
Fix buffer overrun in zlib decompression
After updating next_in (to remove the gzip header), avail_in must also
be updated. Failing to do makes zlib read past the input buffer. In
theory this would resukt in a buffer overrun of at most double the input
length, in practice zlib returns as soon as the compression fails (after
reading a few bytes).
Bug: 11548
Change-Id: If71691a2846338f46d866964a77cc4e74a9b61dd
Reviewed-on: https://code.wireshark.org/review/12038
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
(cherry picked from commit cec0593ae6c3bca65eff65741c2a10f3de3e0afe)
Reviewed-on: https://code.wireshark.org/review/12138
(cherry picked from commit ff0220fda472b0b08796dbd8aa4c22dd665d9223)
Reviewed-on: https://code.wireshark.org/review/13759
Reviewed-by: Balint Reczey <balint@xxxxxxxxxxxxxxx>
Actions performed:
from 2f51a73 Check *how many* fields sscanf() found.
adds 3d2e2a2 Fix buffer overrun in zlib decompression
Summary of changes:
epan/tvbuff_zlib.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)