Wireshark · Wireshark-commits: [Wireshark-commits] master 9ee790e: tvbuff_zlib: reject negative lengths to avoid buffer overrun

Wireshark-commits: [Wireshark-commits] master 9ee790e: tvbuff_zlib: reject negative lengths to avoi

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>

Date: Tue, 15 May 2018 17:16:24 +0000

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9ee790e99c72ddb5b599b8076b4ecf74611b184e
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

9ee790e by Peter Wu (peter@xxxxxxxxxxxxx):

    tvbuff_zlib: reject negative lengths to avoid buffer overrun
    
    Negative lengths and empty buffers are not uncompressable, reject them.
    A buffer overrun (read) could occur otherwise due to unsigned "avail_in"
    becoming insanely large.
    
    Bug: 14675
    Change-Id: I20b686cc6ad6ef8a8d1975ed3d2f52c8eb1f1c76
    Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7166
    Reviewed-on: https://code.wireshark.org/review/27561
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  e67283d   ISMP: fix tuple decoding
    adds  9ee790e   tvbuff_zlib: reject negative lengths to avoid buffer overrun


Summary of changes:
 epan/tvbuff_zlib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Prev by Date: [Wireshark-commits] master e67283d: ISMP: fix tuple decoding
Next by Date: [Wireshark-commits] master df5a8b2: ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring
Previous by thread: [Wireshark-commits] master e67283d: ISMP: fix tuple decoding
Next by thread: [Wireshark-commits] master df5a8b2: ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring
Index(es):
- Date
- Thread