Wireshark-commits: [Wireshark-commits] master 0ac9449: We can't check the length of an SHB until we
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0ac944944233b49c77a77da65be19ce4c2e65647
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
0ac9449 by Guy Harris (guy@xxxxxxxxxxxx):
We can't check the length of an SHB until we determine the byte order.
Don't check a possibly-byte-swapped length against the minimum SHB size;
it'll probably look huge if it's byte-swapped, so the test won't fail
even if it is too small, and a really huge SHB's length could look too
small if it's byte-swapped.
Do the check *after* we've read the fixed-length portion of the block;
yes, that means we've read past the purported size of the block at that
point, but if that read succeeds, that doesn't matter, and if that read
fails, it just means we'll report "file cut short" rather than "bad SHB
length", *both* of which are problems with the file.
Change-Id: Ie3b5700662f2a6da40d373a84f00a8fc2cf0ce1b
Reviewed-on: https://code.wireshark.org/review/4692
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from 4420461 Don't assume pcap_read_block() returns the number of bytes read.
adds 0ac9449 We can't check the length of an SHB until we determine the byte order.
Summary of changes:
wiretap/pcapng.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)