Wireshark · Wireshark-commits: [Wireshark-commits] master ba54b89: QUIC: fix out-of-bounds write due to missing CID length check

Wireshark-commits: [Wireshark-commits] master ba54b89: QUIC: fix out-of-bounds write due to missing

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>

Date: Thu, 18 Jul 2019 01:04:06 +0000

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ba54b896969930491645aa3ec4125b76480add9c
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

ba54b89 by Peter Wu (peter@xxxxxxxxxxxxx):

    QUIC: fix out-of-bounds write due to missing CID length check
    
    The length was previously increased to max 255, but v1 limits it. Be
    sure to check the bounds before doing anything.
    
    Bug: 15919
    Change-Id: I2ed8469d882d5ac2dc4c21e3f5486534e4bf32e6
    Fixes: v3.1.0rc0-1289-g3967f60e45 ("QUIC: update for new Connection ID Lengths (draft -22)")
    Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15936
    Reviewed-on: https://code.wireshark.org/review/34000
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  fac8c25   Don't just grab raw string data with tvb_memcpy().
     add  ba54b89   QUIC: fix out-of-bounds write due to missing CID length check


Summary of changes:
 epan/dissectors/packet-quic.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

Prev by Date: [Wireshark-commits] master fac8c25: Don't just grab raw string data with tvb_memcpy().
Next by Date: [Wireshark-commits] master 3f45a23: ZigBee: Correct naming
Previous by thread: [Wireshark-commits] master fac8c25: Don't just grab raw string data with tvb_memcpy().
Next by thread: [Wireshark-commits] master 3f45a23: ZigBee: Correct naming
Index(es):
- Date
- Thread