wireshark/wireshark-1.2.17-CVE-2011-1957.patch

--- trunk/epan/dissectors/packet-dcm.c	2011/04/30 08:36:00	36957
+++ trunk/epan/dissectors/packet-dcm.c	2011/04/30 17:43:05	36958
@@ -6519,6 +6519,7 @@
 
      /* Process all PDUs in the buffer */
     while (pdu_start < tlen) {
+	guint32 old_pdu_start;
 
 	if ((pdu_len+6) > (tlen-offset)) {
 
@@ -6539,7 +6540,13 @@
 	offset=dissect_dcm_pdu(tvb, pinfo, tree, pdu_start);
 
 	/* Next PDU */
+	old_pdu_start = pdu_start;
 	pdu_start =  pdu_start + pdu_len + 6;
+	if (pdu_start <= old_pdu_start) {
+	    expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR,
+		"Invalid PDU length (%u)", pdu_len);
+	    THROW(ReportedBoundsError);
+	}
 
 	if (pdu_start < tlen - 6) {
 	    /* we got at least 6 bytes of the next PDU still in the buffer */
Accepting request 76454 from home:cyliu:branches:network:utilities fix bnc#697516 OBS-URL: https://build.opensuse.org/request/show/76454 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=42 2011-07-20 05:05:04 +02:00			`--- trunk/epan/dissectors/packet-dcm.c 2011/04/30 08:36:00 36957`
			`+++ trunk/epan/dissectors/packet-dcm.c 2011/04/30 17:43:05 36958`
			`@@ -6519,6 +6519,7 @@`

			`/* Process all PDUs in the buffer */`
			`while (pdu_start < tlen) {`
			`+ guint32 old_pdu_start;`

			`if ((pdu_len+6) > (tlen-offset)) {`

			`@@ -6539,7 +6540,13 @@`
			`offset=dissect_dcm_pdu(tvb, pinfo, tree, pdu_start);`

			`/* Next PDU */`
			`+ old_pdu_start = pdu_start;`
			`pdu_start = pdu_start + pdu_len + 6;`
			`+ if (pdu_start <= old_pdu_start) {`
			`+ expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR,`
			`+ "Invalid PDU length (%u)", pdu_len);`
			`+ THROW(ReportedBoundsError);`
			`+ }`

			`if (pdu_start < tlen - 6) {`
			`/* we got at least 6 bytes of the next PDU still in the buffer */`