URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=67c642047362b5e2546259dd012622ff3dd6c9d9
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
67c6420 by Peter Wu (peter@xxxxxxxxxxxxx):
ber: clamp BER lengths to avoid integer overflow

Many callers treat the length as signed integer, so ensure that the
length fits in such a number. Failure to do so can have unintended
consequences (such as calling "tvb_memdup(tvb, 0, -1)" and assuming that
the length is actually 2^32-1).

Although an exception could be thrown as well, let's give the caller a
chance to handle this themselves.

Change-Id: If92545f7d3603250f75741040435000ba879b7e3
Ping-Bug: 14682
Reviewed-on: https://code.wireshark.org/review/27563
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
Actions performed:
from df5a8b2 ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring
adds 67c6420 ber: clamp BER lengths to avoid integer overflow
Summary of changes:
epan/dissectors/packet-ber.c | 5 +++++
1 file changed, 5 insertions(+)
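
The failure mode named in the commit message, as an added example that is not Wireshark's code and not part of the original notification: a BER long-form length of 0xFFFFFFFF becomes -1 once a caller stores it in a signed integer, while a clamped length stays at INT32_MAX. The helper names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not Wireshark's parser: decode a BER definite-length
 * field from buf. Returns the number of octets consumed, or 0 on truncated,
 * indefinite-form or over-long (more than 4 length octets) input. */
static size_t ber_read_length(const uint8_t *buf, size_t n, int clamp, uint32_t *out)
{
    if (n == 0)
        return 0;
    uint8_t first = buf[0];
    if ((first & 0x80) == 0) {           /* short form: value 0..127 */
        *out = first;
        return 1;
    }
    size_t count = first & 0x7F;         /* long form: number of length octets */
    if (count == 0 || count > 4 || count + 1 > n)
        return 0;                        /* count == 0 is the indefinite form */
    uint32_t len = 0;
    for (size_t i = 1; i <= count; i++)
        len = (len << 8) | buf[i];
    /* The clamp: keep the value representable as a signed 32-bit integer. */
    if (clamp && len > (uint32_t)INT32_MAX)
        len = (uint32_t)INT32_MAX;
    *out = len;
    return 1 + count;
}

/* What a caller that keeps the length in a signed integer ends up with. */
static int32_t length_seen_by_signed_caller(const uint8_t *buf, size_t n, int clamp)
{
    uint32_t len = 0;
    if (ber_read_length(buf, n, clamp, &len) == 0)
        return 0;
    /* Implementation-defined when len > INT32_MAX; wraps on gcc and clang. */
    return (int32_t)len;
}

/* Constructed sample: long form, four length octets, value 0xFFFFFFFF. */
static const uint8_t SAMPLE_HUGE[] = { 0x84, 0xFF, 0xFF, 0xFF, 0xFF };

int main(void)
{
    printf("unclamped: %d\n", (int)length_seen_by_signed_caller(SAMPLE_HUGE, sizeof SAMPLE_HUGE, 0));
    printf("clamped:   %d\n", (int)length_seen_by_signed_caller(SAMPLE_HUGE, sizeof SAMPLE_HUGE, 1));
    return 0;
}
```

A caller receiving the clamped value still has to compare it against the bytes actually remaining in the buffer; the clamp only keeps the number from turning negative.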