File wireshark-CVE-2015-3813.patch of Package wireshark.651
Index: wireshark-1.10.14/epan/reassemble.c =================================================================== --- wireshark-1.10.14.orig/epan/reassemble.c +++ wireshark-1.10.14/epan/reassemble.c @@ -1008,10 +1008,12 @@ fragment_add_work(fragment_data *fd_head /* If we have reached this point, the packet is not defragmented yet. * Save all payload in a buffer until we can defragment. - * XXX - what if we didn't capture the entire fragment due - * to a too-short snapshot length? */ - fd->data = (unsigned char *)g_malloc(fd->len); + if (!tvb_bytes_exist(tvb, offset, fd->len)) { + g_slice_free(fragment_data, fd); + THROW(BoundsError); + } + fd->data = (unsigned char *)g_malloc(fd->len); tvb_memcpy(tvb, fd->data, offset, fd->len); LINK_FRAG(fd_head,fd); @@ -1719,11 +1721,16 @@ fragment_add_seq_work(fragment_data *fd_ /* If we have reached this point, the packet is not defragmented yet. * Save all payload in a buffer until we can defragment. - * XXX - what if we didn't capture the entire fragment due - * to a too-short snapshot length? */ /* check len, there may be a fragment with 0 len, that is actually the tail */ if (fd->len) { + if (!tvb_bytes_exist(tvb, offset, fd->len)) { + /* abort if we didn't capture the entire fragment due + * to a too-short snapshot length */ + g_slice_free(fragment_data, fd); + return FALSE; + } + fd->data = (unsigned char *)g_malloc(fd->len); tvb_memcpy(tvb, fd->data, offset, fd->len); }
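Review bot: In the first hunk (fragment_add_work), the new tvb_bytes_exist() branch has no comment explaining why it bails out, and the removed XXX comment was the only text describing the short-snapshot case. The second hunk documents the same check with "abort if we didn't capture the entire fragment due to a too-short snapshot length"; carry that comment over here too. This path also reports the condition with THROW(BoundsError) while fragment_add_seq_work returns FALSE for it, so say in the patch description whether that difference is intended.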
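Review bot: In the second hunk (fragment_add_seq_work), the short-capture branch inside `if (fd->len)` returns FALSE without any signal, where the matching branch in fragment_add_work throws BoundsError; a caller cannot tell a truncated fragment apart from any other FALSE return. Either throw here as well, or extend the new comment to say why a plain FALSE is the right result for this path. The g_slice_free(fragment_data, fd) before the return is only safe if fd has not yet been linked into fd_head at this point, which the hunk context does not show, so that is worth confirming against the full function.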