Wireshark-bugs: [Wireshark-bugs] [Bug 8364] Denial of Service in packet-reload.c
Date: Thu, 21 Feb 2013 04:14:51 +0000

Comment # 3 on bug 8364 from
Created attachment 10063 [details]
Minimal patch to avoid infinite loop.

This patch avoids the infinite loop for this specific pcap file, but I think
much more than this is needed to fully resolve the problem.  Most offsets in
packet-reload.c seem to be guint16's; maybe changing them all to guint32's is
the best way to handle it ... although caution is still needed.  For example,
given:

while (extensions_offset<extensions_length) {

... extensions_offset will never be greater than extensions_length, so the only
way to break out of the loop will be when they are equal ... unless
extensions_offset is declared as a guint64.

(Not marking for review, since I don't think this should be committed as is -
it's just for illustrative purposes and in the event *something* is needed in
case the build-bots start choking on the attached capture file.)


You are receiving this mail because:
  • You are watching all bug changes.