URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8c23abe395230e894c49ede95d8506be4e24f7c1
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-2.6
Repository: wireshark
Commits:
8c23abe by Peter Wu (peter@xxxxxxxxxxxxx):
ber: clamp BER lengths to avoid integer overflow
Many callers treat the length as a signed integer, so ensure that the
length fits in such a number. Failure to do so can have unintended
consequences (such as calling "tvb_memdup(tvb, 0, -1)" and assuming that
the length is actually 2^32-1).
Although an exception could be thrown as well, let's give the caller a
chance to handle this themselves.
Change-Id: If92545f7d3603250f75741040435000ba879b7e3
Ping-Bug: 14682
Reviewed-on: https://code.wireshark.org/review/27563
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit 67c642047362b5e2546259dd012622ff3dd6c9d9)
Reviewed-on: https://code.wireshark.org/review/27965
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from c092f65 ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring
adds 8c23abe ber: clamp BER lengths to avoid integer overflow
Summary of changes:
epan/dissectors/packet-ber.c | 5 +++++
1 file changed, 5 insertions(+)
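
The hazard named in the commit message, as an added example (not Wireshark's code and not the change in this commit): a BER long-form length of 0xFFFFFFFF turns negative once a caller stores it in a signed 32-bit integer, and clamping to INT32_MAX keeps it non-negative. `ber_read_length`, `as_signed_caller` and the sample bytes are hypothetical names and constructed input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed input: long-form length, 4 octets, value 0xFFFFFFFF. */
static const uint8_t SAMPLE_MAX_LEN[] = { 0x84, 0xFF, 0xFF, 0xFF, 0xFF };

/* Hypothetical helper, not Wireshark's API: decode a BER definite-form
 * length. Returns octets consumed, or 0 for truncated, indefinite (0x80)
 * or over-long (more than 4 length octets) encodings. With clamp set, the
 * value is limited to INT32_MAX so it stays non-negative in a signed int. */
static size_t ber_read_length(const uint8_t *buf, size_t buflen,
                              int clamp, uint32_t *out)
{
    if (buflen == 0)
        return 0;
    if ((buf[0] & 0x80) == 0) {         /* short form: 0..127 */
        *out = buf[0];
        return 1;
    }
    size_t n = buf[0] & 0x7F;           /* long form: n length octets follow */
    if (n == 0 || n > 4 || n >= buflen)
        return 0;
    uint32_t len = 0;
    for (size_t i = 1; i <= n; i++)
        len = (len << 8) | buf[i];
    if (clamp && len > (uint32_t)INT32_MAX)
        len = (uint32_t)INT32_MAX;
    *out = len;
    return 1 + n;
}

/* A caller that keeps lengths in a signed 32-bit int. The out-of-range
 * conversion is implementation-defined; common compilers wrap to negative. */
static int32_t as_signed_caller(uint32_t len)
{
    return (int32_t)len;
}

int main(void)
{
    uint32_t v = 0;
    ber_read_length(SAMPLE_MAX_LEN, sizeof SAMPLE_MAX_LEN, 0, &v);
    printf("unclamped: %d\n", (int)as_signed_caller(v));
    ber_read_length(SAMPLE_MAX_LEN, sizeof SAMPLE_MAX_LEN, 1, &v);
    printf("clamped:   %d\n", (int)as_signed_caller(v));
    return 0;
}
```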