Wireshark · Wireshark-commits: [Wireshark-commits] master df5a8b2: ber: fix buffer overrun (read) in dissect_ber_constrained_bitstr

Wireshark-commits: [Wireshark-commits] master df5a8b2: ber: fix buffer overrun (read) in dissect_be

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>

Date: Tue, 15 May 2018 17:17:18 +0000

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=df5a8b29bbb046933b73e9e369b9bc9e4b03aaa8
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

df5a8b2 by Peter Wu (peter@xxxxxxxxxxxxx):

    ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring
    
    The length is an unsigned integer, but some users (such as tvb_memdup)
    expect signed integers and treat negative values specially.
    
    Bug: 14682
    Change-Id: Ic3330d23d964b5cc44718b61c8985880f901674d
    Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8011
    Reviewed-on: https://code.wireshark.org/review/27562
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  9ee790e   tvbuff_zlib: reject negative lengths to avoid buffer overrun
    adds  df5a8b2   ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring


Summary of changes:
 epan/dissectors/packet-ber.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Prev by Date: [Wireshark-commits] master 9ee790e: tvbuff_zlib: reject negative lengths to avoid buffer overrun
Next by Date: [Wireshark-commits] master 67c6420: ber: clamp BER lengths to avoid integer overflow
Previous by thread: [Wireshark-commits] master 9ee790e: tvbuff_zlib: reject negative lengths to avoid buffer overrun
Next by thread: [Wireshark-commits] master 67c6420: ber: clamp BER lengths to avoid integer overflow
Index(es):
- Date
- Thread